Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE problems [CLOSED]


  • This topic is locked This topic is locked

#1
Rabell

Rabell

    Member

  • Member
  • PipPip
  • 29 posts
Hi please some help me. IE open the home page slowly you try to click on a link it will not open.

Also firefox will not work ether???

HELP!!

here is the Hijack log:

gfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:37 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D84804A-B88B-48C2-9194-886FBB6F1509} - C:\WINDOWS\system32\ssqpmml.dll (file missing)
O2 - BHO: (no name) - {1E3B8E51-03FB-4051-81AF-8878EACA7038} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: {eb3ad19b-9c1e-4a0b-ea24-601a8478fd85} - {58df8748-a106-42ae-b0a4-e1c9b91da3be} - C:\WINDOWS\system32\csphjrlo.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0251740-170C-4CD8-9008-2BCB84D65F53} - C:\WINDOWS\system32\opnnlijj.dll (file missing)
O2 - BHO: (no name) - {A6C8C62D-377E-4756-817C-4796F4BEA0A7} - C:\WINDOWS\system32\krukduqt.dll (file missing)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\ljJAtTkJ.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\efdwkjek.dll",setvm
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [405ed757] rundll32.exe "C:\WINDOWS\system32\tjgngmwb.dll",b
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [BM436de4cb] Rundll32.exe "C:\WINDOWS\system32\qmdaerjb.dll",s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKCU\..\Run: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [PHONE SURF] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PROGRA~1\FlapAxis.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: ljJAtTkJ - ljJAtTkJ.dll (file missing)
O20 - Winlogon Notify: ssqpmml - ssqpmml.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Rabell

Rabell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Rorschach112,

It is window xp media center edition sp2.....

It that home or pro ?

Microsoft does not have the file for media center?

Russ
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Not sure

Just go and run ComboFix
  • 0

#5
Rabell

Rabell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok, Combofix log & Hijack log...

hijack log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31, on 2008-05-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [BM436de4cb] Rundll32.exe "C:\WINDOWS\system32\qmdaerjb.dll",s
O4 - HKLM\..\Run: [405ed757] rundll32.exe "C:\WINDOWS\system32\tjgngmwb.dll",b
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\efdwkjek.dll",setvm
O4 - HKLM\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKCU\..\Run: [PHONE SURF] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PROGRA~1\FlapAxis.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKUS\S-1-5-21-180328301-726900715-2737616995-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: ljJAtTkJ - ljJAtTkJ.dll (file missing)
O20 - Winlogon Notify: ssqpmml - ssqpmml.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 14044 bytes

attached file is combofix .txt

Attached Files


Edited by Rabell, 20 May 2008 - 07:00 PM.

  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log instead of attaching it
  • 0

#7
Rabell

Rabell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
here it is:

ComboFix 08-05-19.4 - HP_Administrator 2008-05-20 16:00:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.430 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\UYWKRPEG\www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\UYWKRPEG\www.broadcaster.com\played_list.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\UYWKRPEG\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte10_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte11_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte12_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte13_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte14_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte9_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030203lib_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102angel_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102birthday_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102cheers_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102flo_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102good_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102jump_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102king_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102lough_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102luf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102smile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102smiled_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102sor_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102thanx_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102uhu_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\040103ahh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\040103wow_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\040104_emi2_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\042102_1134_112_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103big_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103gig_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103hm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103norm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema15_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema16_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema17_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema18_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema24_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema25_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema26_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema30_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema33_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema34_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\062802hippi_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\062802jumpie_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\080402argh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\080402oops_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\080402ouch_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\082502no_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\082502yes_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_boring1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_confused_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_fantastic_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_feel_better_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_heehee_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_ign_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_lol_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_no_comment_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_peace_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_smashing_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\blocked.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\blocked2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_add-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_back-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\business_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\buttondir.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\components.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css_cattree.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css_flashpreview.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css2_main.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css2_pagingmodule.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css2_topbuttons.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\cursors.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\delete.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\edit_clear_sound.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\edit_fs.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\edit_select.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-543450.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-589306.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-591943.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-592579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-598579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-603763.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9696.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511745-514279.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-bcards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-ecards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-emoticons.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-estationery.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-funny.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-help.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-images.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-info.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-more.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-my.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new2.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-options.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-people.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-photo.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-tell.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-temp.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-text.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-voice.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-premium-email-premium.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-t1-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-temp-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\estatationery.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\flashpatch.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\flashpreview.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\fs3.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\hotbar_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_checked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_send.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_flash_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_recently_used.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_sand-clock2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tree_null.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout4.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_corner_left.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_local_logo.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_basetemplate.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbgroups.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobject3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobjectset3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hotbarwrapper.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_texts3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_xmltree3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\layout.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\linkpathlegal.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\n.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_b_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_bb_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_f_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_ff_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\progress.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\sales_buttons.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\searchbtn.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\seekmo_btn.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\submit.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bg.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bga.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bgia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_l.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_la.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_lia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_r.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ra.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ria.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tree_dots.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tree_minus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tree_plus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_animations.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_backgrounds.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_ecards.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_emoticons.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_notifiers.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_text.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte10_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte11_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte12_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte13_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte14_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte9_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030203lib_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102angel_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102bigluf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102bigsmile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102birthday_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102cheers_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102flo_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102good_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102jump_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102king_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102lough_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102luf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102smile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102smiled_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102sor_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102thanx_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102uhu_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\040103ahh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\040103wow_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\040104_emi2_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\042102_1134_112_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103big_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103gig_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103hm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103nomail_emoti_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103norm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema15_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema16_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema17_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema18_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema24_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema25_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema26_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema30_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema33_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema34_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\062802hippi_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\062802jumpie_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\080402argh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\080402oops_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\080402ouch_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\082502no_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\082502yes_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_boring1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_confused_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_crying_ugly_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_fantastic_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_feel_better_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_gimme_break_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_heehee_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_hlopaet_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_ign_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_lol_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_no_comment_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_peace_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_smashing_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_talk2thehand_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_sm.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_sm2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_smli.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_smli2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\blocked.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\blocked2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_add-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_back-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_left_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_left_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_left_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_middle_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_middle_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_right_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_right_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_right_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\business_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\buttondir.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\components.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css_cattree.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css_flashpreview.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css2_main.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css2_pagingmodule.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css2_topbuttons.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\cursors.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\delete.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\edit_clear_sound.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\edit_fs.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\edit_select.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-543450.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-589306.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-591943.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-592579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-598579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-603763.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-9696.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511745-514279.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-backgrounds.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-bcards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-ecards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-emoticons.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-estationery.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-funny.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-help.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-images.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-info.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-more.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-my.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-new.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-new2.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-options.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-people.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-photo.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-tell.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-temp.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-text.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-voice.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-premium-email-premium.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-t1-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-temp-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\estatationery.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\flashpatch.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\flashpreview.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\fs3.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\hotbar_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_checked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_close_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_close_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_edit_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_edit_send.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_flash_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_recently_used.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_remove_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_remove_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_sand-clock2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_tell_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_tell_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_tree_null.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_unchecked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_unchecked_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_barlayout.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_barlayout2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_barlayout4.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_corner_left.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_local_logo.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_basetemplate.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hbgroups.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hbobject3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hbobjectset3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hotbarwrapper.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_iteratorsandreaders3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_pagingmoduleobj3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_texts3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_xmltree3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\layout.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\linkpathlegal.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\n.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_b_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_bb_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_f_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_ff_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\progress.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\sales_buttons.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\searchbtn.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\seekmo_btn.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\submit.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_bg.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_bga.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_bgia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_l.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_la.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_lia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_r.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_ra.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_ria.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tree_dots.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tree_minus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tree_plus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_animations.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_backgrounds.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_ecards.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_emoticons.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_notifiers.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_text.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\business_promo.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\buttondir.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\code.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\cursors.xip
C:\Documents and Settings\HP_Administrator\A
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\BM436de4cb.xml

AWF::
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\MySpace\IM\bak\MySpaceIM.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Windows Defender\bak\MSASCui.exe
-C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\m3SrchMn.exe.vir
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir
C:\QooBox\Quarantine\C\Program Files\Seekmo\bin\10.0.314.0\bak\SeekmoSA.exe.vir
C:\WINDOWS\CREATOR\bak\Remind_XP.exe
C:\WINDOWS\ehome\bak\ehtray.exe
C:\WINDOWS\SMINST\bak\RECGUARD.EXE
C:\WINDOWS\system32\bak\hkcmd.exe
C:\WINDOWS\system32\bak\hphmon03.exe
C:\WINDOWS\system32\bak\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb04.exe

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Also post a new HijackThis log
  • 0

#9
Rabell

Rabell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
the comobofix.txt is to big to post in a single I will have to to multi posts.:

ComboFix 08-05-19.4 - HP_Administrator 2008-05-21 10:16:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.601 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\My Documents\diag russ\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\My Documents\diag russ\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BM436de4cb.xml
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Favorites\Online Security Test.url
C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM436de4cb.xml
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\UYWKRPEG\www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\UYWKRPEG\www.broadcaster.com\played_list.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\UYWKRPEG\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte10_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte11_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte12_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte13_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte14_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte9_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\030203lib_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102angel_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102birthday_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102cheers_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102flo_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102good_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102jump_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102king_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102lough_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102luf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102smile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102smiled_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102sor_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102thanx_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\033102uhu_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\040103ahh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\040103wow_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\040104_emi2_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\042102_1134_112_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103big_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103gig_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103hm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\050103norm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema15_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema16_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema17_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema18_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema24_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema25_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema26_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema30_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema33_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema34_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\062802hippi_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\062802jumpie_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\080402argh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\080402oops_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\080402ouch_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\082502no_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\082502yes_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_boring1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_confused_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_fantastic_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_feel_better_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_heehee_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_ign_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_lol_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_no_comment_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_peace_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_smashing_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\blocked.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\blocked2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_add-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_back-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\business_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\buttondir.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\components.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css_cattree.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css_flashpreview.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css2_main.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css2_pagingmodule.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\css2_topbuttons.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\cursors.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\delete.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\edit_clear_sound.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\edit_fs.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\edit_select.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-543450.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-589306.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-591943.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-592579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-598579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-603763.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9696.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511745-514279.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-bcards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-ecards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-emoticons.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-estationery.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-funny.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-help.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-images.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-info.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-more.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-my.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new2.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-options.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-people.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-photo.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-tell.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-temp.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-text.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-voice.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-def.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-premium-email-premium.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-t1-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\email-temp-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\estatationery.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\flashpatch.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\flashpreview.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\fs3.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\hotbar_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_checked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_send.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_flash_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_recently_used.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_sand-clock2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tree_null.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout4.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_corner_left.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\img_local_logo.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_basetemplate.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbgroups.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobject3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobjectset3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hotbarwrapper.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_texts3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\js2_xmltree3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\layout.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\linkpathlegal.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\n.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_b_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_bb_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_f_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\nav_ff_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\progress.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\sales_buttons.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\searchbtn.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\seekmo_btn.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\submit.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bg.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bga.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bgia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_l.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_la.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_lia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_r.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ra.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ria.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tree_dots.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tree_minus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\tree_plus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_animations.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_backgrounds.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_ecards.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_emoticons.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_notifiers.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_text.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte10_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte11_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte12_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte13_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte14_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte9_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\030203lib_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102angel_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102bigluf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102bigsmile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102birthday_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102cheers_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102flo_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102good_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102jump_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102king_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102lough_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102luf_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102smile_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102smiled_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102sor_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102thanx_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\033102uhu_1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\040103ahh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\040103wow_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\040104_emi2_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\042102_1134_112_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103big_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103gig_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103hm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103nomail_emoti_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\050103norm_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema15_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema16_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema17_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema18_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema19_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema20_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema21_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema24_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema25_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema26_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema30_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema33_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\060104_ema34_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\062802hippi_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\062802jumpie_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\080402argh_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\080402oops_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\080402ouch_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\082502no_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\082502yes_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_boring1_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_confused_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_crying_ugly_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_fantastic_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_feel_better_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_gimme_break_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_heehee_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_hlopaet_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_ign_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_lol_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_no_comment_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_peace_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_smashing_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\110103_talk2thehand_prv.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_sm.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_sm2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_smli.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\block_smli2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\blocked.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\blocked2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_add-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_back-but.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_left_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_left_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_left_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_middle_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_middle_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_right_cut_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_right_enabled_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\btn_right_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\business_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\buttondir.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\components.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css_cattree.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css_flashpreview.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css2_main.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css2_pagingmodule.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\css2_topbuttons.css
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\cursors.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\delete.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\edit_clear_sound.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\edit_fs.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\edit_select.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-543450.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-589306.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-591943.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-592579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-598579.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-603763.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511724-9696.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-511745-514279.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-backgrounds.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-bcards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-ecards.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-emoticons.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-estationery.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-funny.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-help.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-images.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-info.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-more.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-my.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-new.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-new2.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-options.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-people.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-photo.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-tell.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-temp.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-text.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def-email-voice.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-def.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-premium-email-premium.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-t1-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\email-temp-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\estatationery.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\flashpatch.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\flashpreview.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\fs3.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\hotbar_promo.htm
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_checked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_close_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_close_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_edit_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_edit_send.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_flash_preview.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_recently_used.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_remove_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_remove_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_sand-clock2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_tell_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_tell_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_tree_null.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_unchecked_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\icon_unchecked_pressed_1.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_barlayout.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_barlayout2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_barlayout4.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_corner_left.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\img_local_logo.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_basetemplate.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hbgroups.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hbobject3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hbobjectset3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_hotbarwrapper.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_iteratorsandreaders3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_pagingmoduleobj3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_texts3.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\js2_xmltree3nf.js
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\layout.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\linkpathlegal.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\n.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_b_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_bb_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_f_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\nav_ff_2.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\progress.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\sales_buttons.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\searchbtn.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\seekmo_btn.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\submit.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_bg.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_bga.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_bgia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_l.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_la.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_lia.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_r.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_ra.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tab_ria.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tree_dots.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tree_minus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\tree_plus.gif
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_animations.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\treedata_backgrounds.xml
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\HostOI\static\2\
  • 0

#10
Rabell

Rabell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
here is the second half of comobofix.txt:

2008-04-14 00:12:00 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\msoert2.dll
+ 2008-04-14 00:12:28 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\msoobe.exe
+ 2008-04-13 17:24:14 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\msorc32r.dll
+ 2008-04-14 00:12:00 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\msorcl32.dll
+ 2008-04-14 00:12:28 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
+ 2008-04-14 00:12:00 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\mspatcha.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\ServicePackFiles\i386\mspbde40.dll
+ 2008-04-13 18:39:50 5,376 ------w C:\WINDOWS\ServicePackFiles\i386\mspclock.sys
+ 2008-04-13 18:39:51 4,992 ------w C:\WINDOWS\ServicePackFiles\i386\mspqm.sys
+ 2008-04-13 16:23:31 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\msprivs.dll
+ 2008-04-14 00:12:00 146,432 ------w C:\WINDOWS\ServicePackFiles\i386\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\ServicePackFiles\i386\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\ServicePackFiles\i386\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\ServicePackFiles\i386\msrepl40.dll
+ 2008-04-14 00:12:00 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\msrle32.dll
+ 2008-04-14 00:12:00 134,656 ------w C:\WINDOWS\ServicePackFiles\i386\mssap.dll
+ 2008-04-14 00:12:00 155,136 ------w C:\WINDOWS\ServicePackFiles\i386\mssha.dll
+ 2008-04-13 18:14:58 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\msshamsg.dll
+ 2008-04-13 18:36:46 15,488 ------w C:\WINDOWS\ServicePackFiles\i386\mssmbios.sys
+ 2008-04-14 00:12:00 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\mst120.dll
+ 2008-04-14 00:12:00 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\mst123.dll
+ 2008-04-13 18:46:08 49,024 ------w C:\WINDOWS\ServicePackFiles\i386\mstape.sys
+ 2008-04-14 00:12:00 274,944 ------w C:\WINDOWS\ServicePackFiles\i386\mstask.dll
+ 2008-04-13 18:39:50 5,504 ------w C:\WINDOWS\ServicePackFiles\i386\mstee.sys
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\ServicePackFiles\i386\mstext40.dll
+ 2008-04-14 00:12:00 532,480 ------w C:\WINDOWS\ServicePackFiles\i386\mstime.dll
+ 2008-04-14 00:12:29 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\mstinit.exe
+ 2008-04-14 00:12:00 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\mstlsapi.dll
+ 2008-04-14 00:12:00 195,072 ------w C:\WINDOWS\ServicePackFiles\i386\msutb.dll
+ 2008-04-14 00:12:00 132,608 ------w C:\WINDOWS\ServicePackFiles\i386\msv1_0.dll
+ 2008-04-14 00:12:00 1,384,479 ------w C:\WINDOWS\ServicePackFiles\i386\msvbvm60.dll
+ 2008-04-14 00:12:01 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msvcirt.dll
+ 2008-04-14 00:12:01 413,696 ------w C:\WINDOWS\ServicePackFiles\i386\msvcp60.dll
+ 2008-04-14 00:12:01 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
+ 2008-04-13 18:30:46 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\msvcrt40.dll
+ 2008-04-14 00:12:01 121,344 ------w C:\WINDOWS\ServicePackFiles\i386\msvfw32.dll
+ 2008-04-14 00:12:01 1,428,992 ------w C:\WINDOWS\ServicePackFiles\i386\msvidctl.dll
+ 2008-04-14 00:12:01 72,704 ------w C:\WINDOWS\ServicePackFiles\i386\msw3prt.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\ServicePackFiles\i386\mswdat10.dll
+ 2008-04-14 00:12:01 203,776 ------w C:\WINDOWS\ServicePackFiles\i386\mswebdvd.dll
+ 2008-04-14 00:12:01 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\ServicePackFiles\i386\mswstr10.dll
+ 2008-04-14 00:12:01 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\msxactps.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\ServicePackFiles\i386\msxbde40.dll
+ 2008-04-14 00:12:01 506,368 ------w C:\WINDOWS\ServicePackFiles\i386\msxml.dll
+ 2008-04-14 00:12:01 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\msxml2.dll
+ 2008-04-14 00:12:01 1,104,896 ------w C:\WINDOWS\ServicePackFiles\i386\msxml3.dll
+ 2008-04-14 00:12:01 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\msyuv.dll
+ 2004-08-04 03:41:40 126,686 ------w C:\WINDOWS\ServicePackFiles\i386\mtlmnt5.sys
+ 2004-08-04 03:41:38 1,309,184 ------w C:\WINDOWS\ServicePackFiles\i386\mtlstrm.sys
+ 2008-04-14 00:12:29 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\mtstocom.exe
+ 2008-04-14 00:12:01 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\mtxclu.dll
+ 2008-04-14 00:12:01 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\mtxdm.dll
+ 2008-04-14 00:12:01 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\mtxex.dll
+ 2008-04-14 00:12:01 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\mtxlegih.dll
+ 2008-04-14 00:12:01 91,648 ------w C:\WINDOWS\ServicePackFiles\i386\mtxoci.dll
+ 2008-04-14 00:12:01 1,737,856 ------w C:\WINDOWS\ServicePackFiles\i386\mtxparhd.dll
+ 2004-08-04 03:29:38 452,736 ------w C:\WINDOWS\ServicePackFiles\i386\mtxparhm.sys
+ 2008-04-14 00:12:29 90,624 ------w C:\WINDOWS\ServicePackFiles\i386\muisetup.exe
+ 2008-04-13 19:17:05 105,344 ------w C:\WINDOWS\ServicePackFiles\i386\mup.sys
+ 2008-04-13 18:43:55 12,672 ------w C:\WINDOWS\ServicePackFiles\i386\mutohpen.sys
+ 2008-04-14 00:12:01 90,624 ------w C:\WINDOWS\ServicePackFiles\i386\mydocs.dll
+ 2008-04-13 18:46:25 85,248 ------w C:\WINDOWS\ServicePackFiles\i386\nabtsfec.sys
+ 2008-04-14 00:12:01 221,184 ------w C:\WINDOWS\ServicePackFiles\i386\nac.dll
+ 2008-04-14 00:12:01 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\napipsec.dll
+ 2008-04-14 00:12:01 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\napmontr.dll
+ 2008-04-14 00:12:29 176,640 ------w C:\WINDOWS\ServicePackFiles\i386\napstat.exe
+ 2008-04-14 00:12:29 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\narrator.exe
+ 2008-04-14 00:12:01 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\ncobjapi.dll
+ 2008-04-14 00:12:01 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\ncprov.dll
+ 2008-04-14 00:12:01 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\ncpsres.dll
+ 2008-04-14 00:12:01 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\nddeapi.dll
+ 2008-04-14 00:12:29 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\nddeapir.exe
+ 2008-04-14 00:12:01 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\nddenb32.dll
+ 2008-04-13 19:20:37 182,656 ------w C:\WINDOWS\ServicePackFiles\i386\ndis.sys
+ 2008-04-13 18:46:22 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\ndisip.sys
+ 2008-04-14 00:12:01 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\ndisnpp.dll
+ 2008-04-13 18:57:27 10,112 ------w C:\WINDOWS\ServicePackFiles\i386\ndistapi.sys
+ 2008-04-13 18:55:58 14,592 ------w C:\WINDOWS\ServicePackFiles\i386\ndisuio.sys
+ 2008-04-13 19:20:42 91,520 ------w C:\WINDOWS\ServicePackFiles\i386\ndiswan.sys
+ 2008-04-13 18:57:29 40,576 ------w C:\WINDOWS\ServicePackFiles\i386\ndproxy.sys
+ 2008-04-14 00:12:29 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\net.exe
+ 2008-04-14 00:12:29 124,928 ------w C:\WINDOWS\ServicePackFiles\i386\net1.exe
+ 2008-04-14 00:12:01 337,408 ------w C:\WINDOWS\ServicePackFiles\i386\netapi32.dll
+ 2008-04-13 18:56:02 34,688 ------w C:\WINDOWS\ServicePackFiles\i386\netbios.sys
+ 2008-04-13 19:21:00 162,816 ------w C:\WINDOWS\ServicePackFiles\i386\netbt.sys
+ 2008-04-14 00:12:01 622,592 ------w C:\WINDOWS\ServicePackFiles\i386\netcfgx.dll
+ 2008-04-14 00:12:29 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\netdde.exe
+ 2004-08-09 21:00:00 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\netfxocm.dll
+ 2007-12-17 11:59:53 82,976 ------w C:\WINDOWS\ServicePackFiles\i386\netfxupdate.exe
+ 2008-04-14 00:12:01 139,264 ------w C:\WINDOWS\ServicePackFiles\i386\netid.dll
+ 2008-04-14 00:12:01 407,040 ------w C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
+ 2008-04-14 00:12:01 198,144 ------w C:\WINDOWS\ServicePackFiles\i386\netman.dll
+ 2008-04-14 00:12:01 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\netoc.dll
+ 2008-04-14 00:12:01 875,008 ------w C:\WINDOWS\ServicePackFiles\i386\netplwiz.dll
+ 2008-04-14 00:12:01 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\netrap.dll
+ 2008-04-14 00:16:51 329,728 ------w C:\WINDOWS\ServicePackFiles\i386\netsetup.exe
+ 2008-04-14 00:12:29 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\netsh.exe
+ 2008-04-14 00:12:02 1,703,936 ------w C:\WINDOWS\ServicePackFiles\i386\netshell.dll
+ 2008-04-14 00:12:29 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\netstat.exe
+ 2008-04-14 00:12:02 80,896 ------w C:\WINDOWS\ServicePackFiles\i386\netui0.dll
+ 2008-04-14 00:12:02 245,760 ------w C:\WINDOWS\ServicePackFiles\i386\netui1.dll
+ 2004-08-04 03:31:42 132,695 ------w C:\WINDOWS\ServicePackFiles\i386\netwlan5.sys
+ 2008-04-14 00:12:02 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\newdev.dll
+ 2004-08-03 21:12:20 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\ngen.exe
+ 2008-04-13 18:51:25 61,824 ------w C:\WINDOWS\ServicePackFiles\i386\nic1394.sys
+ 2008-04-14 00:12:02 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\nlhtml.dll
+ 2008-04-14 00:12:02 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\nmas.dll
+ 2008-04-14 00:12:02 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\nmasnt.dll
+ 2008-04-14 00:12:02 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\nmchat.dll
+ 2008-04-14 00:12:02 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\nmcom.dll
+ 2008-04-14 00:12:02 151,552 ------w C:\WINDOWS\ServicePackFiles\i386\nmft.dll
+ 2008-04-14 00:12:02 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\nmmkcert.dll
+ 2008-04-13 18:53:09 40,320 ------w C:\WINDOWS\ServicePackFiles\i386\nmnt.sys
+ 2008-04-14 00:12:02 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\nmoldwb.dll
+ 2008-04-14 00:12:02 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\nmwb.dll
+ 2008-04-14 00:12:29 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\notepad.exe
+ 2008-04-13 18:32:39 30,848 ------w C:\WINDOWS\ServicePackFiles\i386\npfs.sys
+ 2008-04-14 00:12:29 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\nppagent.exe
+ 2008-04-14 00:12:02 54,784 ------w C:\WINDOWS\ServicePackFiles\i386\npptools.dll
+ 2008-04-13 18:54:36 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\nscirda.sys
+ 2008-04-14 00:12:02 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\nsepm.dll
+ 2008-04-14 00:12:29 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\nslookup.exe
+ 2008-04-14 00:12:30 1,200,640 ------w C:\WINDOWS\ServicePackFiles\i386\ntbackup.exe
+ 2004-08-09 21:00:00 47,564 ------w C:\WINDOWS\ServicePackFiles\i386\ntdetect.com
+ 2008-04-14 00:11:24 706,048 ------w C:\WINDOWS\ServicePackFiles\i386\ntdll.dll
+ 2008-04-14 00:12:02 67,072 ------w C:\WINDOWS\ServicePackFiles\i386\ntdsapi.dll
+ 2008-04-14 00:12:02 212,992 ------w C:\WINDOWS\ServicePackFiles\i386\ntevt.dll
+ 2008-04-13 19:15:53 574,976 ------w C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
+ 2004-08-09 21:00:00 33,840 ------w C:\WINDOWS\ServicePackFiles\i386\ntio.sys
+ 2004-08-09 21:00:00 34,560 ------w C:\WINDOWS\ServicePackFiles\i386\ntio404.sys
+ 2004-08-09 21:00:00 35,648 ------w C:\WINDOWS\ServicePackFiles\i386\ntio411.sys
+ 2004-08-09 21:00:00 35,424 ------w C:\WINDOWS\ServicePackFiles\i386\ntio412.sys
+ 2004-08-09 21:00:00 34,560 ------w C:\WINDOWS\ServicePackFiles\i386\ntio804.sys
+ 2008-04-13 19:24:37 2,145,280 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrnlmp.exe
+ 2008-04-13 18:31:21 2,065,792 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
+ 2008-04-13 18:31:21 2,023,936 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrpamp.exe
+ 2008-04-14 00:12:02 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\ntlanman.dll
+ 2008-04-14 00:12:02 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\ntlsapi.dll
+ 2008-04-14 00:12:02 118,784 ------w C:\WINDOWS\ServicePackFiles\i386\ntmarta.dll
+ 2008-04-14 00:12:02 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsapi.dll
+ 2008-04-14 00:12:02 179,200 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsdba.dll
+ 2008-04-14 00:12:02 488,448 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsmgr.dll
+ 2008-04-14 00:12:02 435,200 ------w C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
+ 2004-08-04 03:41:40 180,360 ------w C:\WINDOWS\ServicePackFiles\i386\ntmtlfax.sys
+ 2008-04-14 00:12:02 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\ntoc.dll
+ 2008-04-13 19:27:53 2,188,928 ------w C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
+ 2008-04-14 00:12:02 91,136 ------w C:\WINDOWS\ServicePackFiles\i386\ntprint.dll
+ 2008-04-14 00:12:02 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\ntshrui.dll
+ 2008-04-14 00:12:30 420,864 ------w C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-14 00:12:02 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ntvdmd.dll
+ 2008-04-14 00:12:02 4,274,816 ------w C:\WINDOWS\ServicePackFiles\i386\nv4_disp.dll
+ 2004-08-04 03:29:56 1,897,408 ------w C:\WINDOWS\ServicePackFiles\i386\nv4_mini.sys
+ 2008-04-14 00:12:02 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\nwapi32.dll
+ 2008-04-13 18:56:06 88,320 ------w C:\WINDOWS\ServicePackFiles\i386\nwlnkipx.sys
+ 2008-04-14 00:12:02 142,336 ------w C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
+ 2008-04-13 18:34:12 163,584 ------w C:\WINDOWS\ServicePackFiles\i386\nwrdr.sys
+ 2008-04-14 00:12:02 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\nwwks.dll
+ 2008-04-14 00:12:02 270,336 ------w C:\WINDOWS\ServicePackFiles\i386\oakley.dll
+ 2008-04-14 00:10:30 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\obelog.dll
+ 2008-04-14 00:10:30 966,656 ------w C:\WINDOWS\ServicePackFiles\i386\obemetal.dll
+ 2007-04-02 18:44:11 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\obemtllc.dll
+ 2008-04-14 00:10:30 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\obepopc.dll
+ 2008-04-14 00:12:02 286,208 ------w C:\WINDOWS\ServicePackFiles\i386\objsel.dll
+ 2008-04-13 18:40:07 393,728 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0401.dll
+ 2008-04-13 18:40:23 212,480 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0404.dll
+ 2008-04-13 18:40:24 428,032 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0405.dll
+ 2008-04-13 18:40:27 418,816 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0406.dll
+ 2008-04-13 18:40:34 403,456 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0407.dll
+ 2008-04-13 18:40:30 419,328 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0408.dll
+ 2008-04-13 18:40:32 405,504 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040b.dll
+ 2008-04-13 18:40:33 410,624 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040c.dll
+ 2008-04-13 18:40:32 384,000 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040d.dll
+ 2008-04-13 18:40:39 434,176 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040e.dll
+ 2008-04-13 18:40:39 413,696 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0410.dll
+ 2008-04-13 18:40:44 275,456 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0411.dll
+ 2008-04-13 18:40:48 306,688 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0412.dll
+ 2008-04-13 18:40:44 401,920 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0413.dll
+ 2008-04-13 18:40:44 353,792 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0414.dll
+ 2008-04-13 18:40:47 391,680 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0415.dll
+ 2008-04-13 18:40:10 409,600 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0416.dll
+ 2008-04-13 18:40:50 427,008 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0419.dll
+ 2008-04-13 18:40:52 405,504 ------w C:\WINDOWS\ServicePackFiles\i386\obrb041b.dll
+ 2008-04-13 18:40:56 363,008 ------w C:\WINDOWS\ServicePackFiles\i386\obrb041d.dll
+ 2008-04-13 18:41:00 390,144 ------w C:\WINDOWS\ServicePackFiles\i386\obrb041f.dll
+ 2008-04-13 18:40:56 408,576 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0424.dll
+ 2008-04-13 18:40:24 270,336 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0804.dll
+ 2008-04-13 18:40:48 435,200 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0816.dll
+ 2008-04-13 18:40:30 446,464 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0c0a.dll
+ 2008-04-14 00:12:02 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\occache.dll
+ 2008-04-14 00:12:02 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ocgen.dll
+ 2008-04-14 00:12:02 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\ocmanage.dll
+ 2008-04-14 00:12:02 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\ocmsn.dll
+ 2004-08-09 21:00:00 26,224 ------w C:\WINDOWS\ServicePackFiles\i386\odbc16gt.dll
+ 2008-04-14 00:12:02 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\odbc32.dll
+ 2008-04-14 00:12:02 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\odbc32gt.dll
+ 2008-04-14 00:12:30 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\odbcad32.exe
+ 2008-04-14 00:12:02 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\odbcbcp.dll
+ 2008-04-14 00:12:02 135,168 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.dll
+ 2008-04-14 00:12:30 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.exe
+ 2008-04-14 00:12:02 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\odbccp32.dll
+ 2008-04-14 00:12:02 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\odbccr32.dll
+ 2008-04-14 00:12:02 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\odbccu32.dll
+ 2008-04-13 17:26:05 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\odbcint.dll
+ 2008-04-14 00:10:31 53,279 ------w C:\WINDOWS\ServicePackFiles\i386\odbcji32.dll
+ 2008-04-14 00:12:02 278,559 ------w C:\WINDOWS\ServicePackFiles\i386\odbcjt32.dll
+ 2008-04-13 17:26:05 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\odbcp32r.dll
+ 2008-04-14 00:12:02 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\odbctrac.dll
+ 2008-04-14 00:12:02 20,511 ------w C:\WINDOWS\ServicePackFiles\i386\oddbse32.dll
+ 2008-04-14 00:12:02 20,510 ------w C:\WINDOWS\ServicePackFiles\i386\odexl32.dll
+ 2008-04-14 00:12:02 20,510 ------w C:\WINDOWS\ServicePackFiles\i386\odfox32.dll
+ 2008-04-14 00:12:02 20,510 ------w C:\WINDOWS\ServicePackFiles\i386\odpdx32.dll
+ 2008-04-14 00:12:02 20,511 ------w C:\WINDOWS\ServicePackFiles\i386\odtext32.dll
+ 2008-04-14 00:12:02 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\oeimport.dll
+ 2008-04-14 00:12:30 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\oemig50.exe
+ 2008-04-14 00:12:02 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\oemiglib.dll
+ 2008-04-14 00:12:02 192,000 ------w C:\WINDOWS\ServicePackFiles\i386\offfilt.dll
+ 2008-04-13 18:46:18 61,696 ------w C:\WINDOWS\ServicePackFiles\i386\ohci1394.sys
+ 2008-04-14 00:12:02 1,287,168 ------w C:\WINDOWS\ServicePackFiles\i386\ole32.dll
+ 2008-04-14 00:12:02 551,936 ------w C:\WINDOWS\ServicePackFiles\i386\oleaut32.dll
+ 2008-04-14 00:12:02 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\olecli32.dll
+ 2008-04-14 00:12:02 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\olecnv32.dll
+ 2008-04-14 00:12:02 487,424 ------w C:\WINDOWS\ServicePackFiles\i386\oledb32.dll
+ 2008-04-14 00:12:02 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\oledb32r.dll
+ 2008-04-14 00:12:02 122,880 ------w C:\WINDOWS\ServicePackFiles\i386\oledlg.dll
+ 2008-04-14 00:12:02 107,008 ------w C:\WINDOWS\ServicePackFiles\i386\oleprn.dll
+ 2008-04-14 00:12:02 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\olepro32.dll
+ 2008-04-14 00:12:02 144,384 ------w C:\WINDOWS\ServicePackFiles\i386\onex.dll
+ 2008-04-14 00:12:31 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\oobebaln.exe
+ 2008-04-14 00:12:02 713,728 ------w C:\WINDOWS\ServicePackFiles\i386\opengl32.dll
+ 2008-04-14 00:12:31 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\opnfiles.exe
+ 2008-04-13 18:32:32 166,912 ------w C:\WINDOWS\ServicePackFiles\i386\oschoice.exe
+ 2008-04-14 00:12:31 215,552 ------w C:\WINDOWS\ServicePackFiles\i386\osk.exe
+ 2008-04-13 18:31:43 230,400 ------w C:\WINDOWS\ServicePackFiles\i386\osloader.exe
+ 2008-04-14 00:12:02 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\osuninst.dll
+ 2008-04-14 00:12:02 153,600 ------w C:\WINDOWS\ServicePackFiles\i386\p2p.dll
+ 2008-04-14 00:12:02 105,472 ------w C:\WINDOWS\ServicePackFiles\i386\p2pgasvc.dll
+ 2008-04-14 00:12:02 313,856 ------w C:\WINDOWS\ServicePackFiles\i386\p2pgraph.dll
+ 2008-04-14 00:12:02 115,712 ------w C:\WINDOWS\ServicePackFiles\i386\p2pnetsh.dll
+ 2008-04-14 00:12:02 554,496 ------w C:\WINDOWS\ServicePackFiles\i386\p2psvc.dll
+ 2008-04-13 18:31:31 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\p3.sys
+ 2008-04-14 00:12:31 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\packager.exe
+ 2008-04-13 18:40:10 80,128 ------w C:\WINDOWS\ServicePackFiles\i386\parport.sys
+ 2008-04-13 18:40:49 19,712 ------w C:\WINDOWS\ServicePackFiles\i386\partmgr.sys
+ 2008-04-14 00:12:02 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\pautoenr.dll
+ 2004-08-04 03:31:24 29,502 ------w C:\WINDOWS\ServicePackFiles\i386\pca200e.sys
+ 2008-04-14 00:12:02 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\pchshell.dll
+ 2008-04-14 00:12:02 38,400 ------w C:\WINDOWS\ServicePackFiles\i386\pchsvc.dll
+ 2008-04-13 18:36:44 68,224 ------w C:\WINDOWS\ServicePackFiles\i386\pci.sys
+ 2008-04-13 18:40:29 24,960 ------w C:\WINDOWS\ServicePackFiles\i386\pciidex.sys
+ 2007-05-15 08:08:11 288,768 ------w C:\WINDOWS\ServicePackFiles\i386\pcl4res.dll
+ 2007-05-15 08:08:13 1,058,816 ------w C:\WINDOWS\ServicePackFiles\i386\pcl5eres.dll
+ 2007-05-15 08:08:14 1,057,280 ------w C:\WINDOWS\ServicePackFiles\i386\pcl5ures.dll
+ 2007-05-15 08:08:14 207,872 ------w C:\WINDOWS\ServicePackFiles\i386\pclxl.dll
+ 2008-04-13 18:36:43 120,192 ------w C:\WINDOWS\ServicePackFiles\i386\pcmcia.sys
+ 2004-08-04 03:06:18 169,984 ------w C:\WINDOWS\ServicePackFiles\i386\pcx500.sys
+ 2008-04-14 00:12:02 284,160 ------w C:\WINDOWS\ServicePackFiles\i386\pdh.dll
+ 2004-08-03 21:12:20 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\perfcounter.dll
+ 2008-04-14 00:12:02 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\perfctrs.dll
+ 2008-04-14 00:12:02 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\perfdisk.dll
+ 2008-04-14 00:12:31 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\perfmon.exe
+ 2008-04-14 00:12:02 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\perfnet.dll
+ 2008-04-14 00:12:02 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\perfos.dll
+ 2008-04-14 00:12:02 34,816 ------w C:\WINDOWS\ServicePackFiles\i386\perfproc.dll
+ 2008-04-13 18:44:29 27,904 ------w C:\WINDOWS\ServicePackFiles\i386\perm2.sys
+ 2008-04-14 00:10:34 211,584 ------w C:\WINDOWS\ServicePackFiles\i386\perm2dll.dll
+ 2008-04-13 18:44:30 28,032 ------w C:\WINDOWS\ServicePackFiles\i386\perm3.sys
+ 2008-04-14 00:10:34 259,328 ------w C:\WINDOWS\ServicePackFiles\i386\perm3dd.dll
+ 2008-04-14 00:12:02 176,128 ------w C:\WINDOWS\ServicePackFiles\i386\photowiz.dll
+ 2008-04-14 00:12:02 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\pid.dll
+ 2008-04-14 00:11:09 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\pidgen.dll
+ 2008-04-14 00:12:31 281,088 ------w C:\WINDOWS\ServicePackFiles\i386\pinball.exe
+ 2008-04-14 00:12:31 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\ping.exe
+ 2008-04-14 00:12:02 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\pjlmon.dll
+ 2008-04-14 00:12:02 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\plotter.dll
+ 2008-04-14 00:12:02 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\plotui.dll
+ 2008-04-14 00:12:02 412,160 ------w C:\WINDOWS\ServicePackFiles\i386\pmh.dll
+ 2008-04-14 00:12:02 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\pngfilt.dll
+ 2008-04-14 00:12:02 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
+ 2008-04-14 00:12:02 92,672 ------w C:\WINDOWS\ServicePackFiles\i386\policman.dll
+ 2008-04-14 00:12:02 105,472 ------w C:\WINDOWS\ServicePackFiles\i386\polstore.dll
+ 2008-04-13 19:19:41 146,048 ------w C:\WINDOWS\ServicePackFiles\i386\portcls.sys
+ 2008-04-14 00:12:31 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\powercfg.exe
+ 2008-04-13 18:40:56 8,832 ------w C:\WINDOWS\ServicePackFiles\i386\powerfil.sys
+ 2008-04-14 00:12:03 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\powrprof.dll
+ 2008-04-13 18:41:00 17,664 ------w C:\WINDOWS\ServicePackFiles\i386\ppa3.sys
+ 2008-04-14 00:12:03 560,640 ------w C:\WINDOWS\ServicePackFiles\i386\printui.dll
+ 2008-04-13 18:31:30 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\processr.sys
+ 2008-04-14 00:12:03 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\profmap.dll
+ 2008-04-14 00:12:31 109,568 ------w C:\WINDOWS\ServicePackFiles\i386\progman.exe
+ 2008-04-14 00:12:32 50,176 ------w C:\WINDOWS\ServicePackFiles\i386\proquota.exe
+ 2008-04-14 00:12:03 237,056 ------w C:\WINDOWS\ServicePackFiles\i386\provthrd.dll
+ 2008-04-14 00:12:32 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\proxycfg.exe
+ 2008-04-14 00:12:03 728,576 ------w C:\WINDOWS\ServicePackFiles\i386\ps5ui.dll
+ 2008-04-14 00:12:03 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\psapi.dll
+ 2008-04-14 00:12:03 96,768 ------w C:\WINDOWS\ServicePackFiles\i386\psbase.dll
+ 2008-04-13 18:56:38 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\psched.sys
+ 2008-04-14 00:12:03 543,232 ------w C:\WINDOWS\ServicePackFiles\i386\pscript5.dll
+ 2008-04-14 00:12:03 363,520 ------w C:\WINDOWS\ServicePackFiles\i386\psisdecd.dll
+ 2008-04-14 00:12:03 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\pstorec.dll
+ 2008-04-14 00:12:03 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\pstorsvc.dll
+ 2008-04-14 00:12:03 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\ptpusd.dll
+ 2008-04-14 00:12:03 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\pwsdata.dll
+ 2008-04-14 00:12:03 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\qagent.dll
+ 2008-04-14 00:12:03 291,328 ------w C:\WINDOWS\ServicePackFiles\i386\qagentrt.dll
+ 2008-04-14 00:12:03 237,568 ------w C:\WINDOWS\ServicePackFiles\i386\qasf.dll
+ 2008-04-14 00:12:03 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\qcap.dll
+ 2008-04-14 00:12:03 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\qcliprov.dll
+ 2008-04-14 00:12:03 279,040 ------w C:\WINDOWS\ServicePackFiles\i386\qdv.dll
+ 2008-04-14 00:12:03 386,048 ------w C:\WINDOWS\ServicePackFiles\i386\qdvd.dll
+ 2008-04-14 00:12:03 562,176 ------w C:\WINDOWS\ServicePackFiles\i386\qedit.dll
+ 2008-04-13 17:21:32 733,696 ------w C:\WINDOWS\ServicePackFiles\i386\qedwipes.dll
+ 2008-04-13 18:40:52 6,016 ------w C:\WINDOWS\ServicePackFiles\i386\qic157.sys
+ 2008-04-14 00:12:03 409,088 ------w C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
+ 2008-04-14 00:12:03 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\qmgrprxy.dll
+ 2008-04-14 00:12:32 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\qprocess.exe
+ 2008-04-14 00:12:03 1,288,192 ------w C:\WINDOWS\ServicePackFiles\i386\quartz.dll
+ 2008-04-14 00:12:03 1,435,648 ------w C:\WINDOWS\ServicePackFiles\i386\query.dll
+ 2008-04-14 00:12:03 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\qutil.dll
+ 2008-04-14 00:12:03 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\racpldlg.dll
+ 2008-04-13 18:41:23 20,736 ------w C:\WINDOWS\ServicePackFiles\i386\ramdisk.sys
+ 2008-04-14 00:12:03 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\rasadhlp.dll
+ 2008-04-14 00:12:03 237,056 ------w C:\WINDOWS\ServicePackFiles\i386\rasapi32.dll
+ 2008-04-14 00:12:03 88,576 ------w C:\WINDOWS\ServicePackFiles\i386\rasauto.dll
+ 2008-04-14 00:12:03 79,872 ------w C:\WINDOWS\ServicePackFiles\i386\raschap.dll
+ 2008-04-14 00:12:03 658,432 ------w C:\WINDOWS\ServicePackFiles\i386\rasdlg.dll
+ 2008-04-13 19:19:43 51,328 ------w C:\WINDOWS\ServicePackFiles\i386\rasl2tp.sys
+ 2008-04-14 00:12:03 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\rasman.dll
+ 2008-04-14 00:12:03 186,368 ------w C:\WINDOWS\ServicePackFiles\i386\rasmans.dll
+ 2008-04-14 00:12:32 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\rasphone.exe
+ 2008-04-14 00:12:03 210,944 ------w C:\WINDOWS\ServicePackFiles\i386\rasppp.dll
+ 2008-04-13 18:57:32 41,472 ------w C:\WINDOWS\ServicePackFiles\i386\raspppoe.sys
+ 2008-04-13 19:19:48 48,384 ------w C:\WINDOWS\ServicePackFiles\i386\raspptp.sys
+ 2008-04-14 00:12:03 61,952 ------w C:\WINDOWS\ServicePackFiles\i386\rasqec.dll
+ 2008-04-14 00:12:03 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\rassapi.dll
+ 2008-04-14 00:12:03 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\rastapi.dll
+ 2008-04-14 00:12:03 150,016 ------w C:\WINDOWS\ServicePackFiles\i386\rastls.dll
+ 2008-04-14 00:12:03 102,400 ------w C:\WINDOWS\ServicePackFiles\i386\rcbdyctl.dll
+ 2008-04-14 00:12:32 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\rcimlby.exe
+ 2008-04-14 00:12:32 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\rcp.exe
+ 2008-04-13 19:28:39 175,744 ------w C:\WINDOWS\ServicePackFiles\i386\rdbss.sys
+ 2008-04-14 00:12:03 147,968 ------w C:\WINDOWS\ServicePackFiles\i386\rdchost.dll
+ 2008-04-14 00:12:32 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe
+ 2008-04-14 00:13:22 92,424 ------w C:\WINDOWS\ServicePackFiles\i386\rdpdd.dll
+ 2008-04-13 18:32:51 196,224 ------w C:\WINDOWS\ServicePackFiles\i386\rdpdr.sys
+ 2008-04-14 00:12:04 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\rdpsnd.dll
+ 2008-04-14 00:13:22 139,656 ------w C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
+ 2008-04-14 00:13:22 87,176 ------w C:\WINDOWS\ServicePackFiles\i386\rdpwsx.dll
+ 2008-04-14 00:12:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\rdsaddin.exe
+ 2008-04-14 00:12:32 67,072 ------w C:\WINDOWS\ServicePackFiles\i386\rdshost.exe
+ 2004-08-04 03:41:40 13,776 ------w C:\WINDOWS\ServicePackFiles\i386\recagent.sys
+ 2008-04-13 18:40:27 57,600 ------w C:\WINDOWS\ServicePackFiles\i386\redbook.sys
+ 2004-08-09 21:00:00 3,338 ------w C:\WINDOWS\ServicePackFiles\i386\redir.exe
+ 2008-04-14 00:12:32 50,176 ------w C:\WINDOWS\ServicePackFiles\i386\reg.exe
+ 2008-04-14 00:12:04 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\regapi.dll
+ 2004-07-19 17:54:16 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\regasm.exe
+ 2004-07-19 17:54:16 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\regcode.dll
+ 2008-04-14 00:12:32 146,432 ------w C:\WINDOWS\ServicePackFiles\i386\regedit.exe
+ 2008-04-14 00:12:04 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\regsvc.dll
+ 2004-07-19 17:54:16 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\regsvcs.exe
+ 2008-04-14 00:12:32 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\regsvr32.exe
+ 2008-04-14 00:12:04 397,824 ------w C:\WINDOWS\ServicePackFiles\i386\regwizc.dll
+ 2008-04-14 00:12:04 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\remotepg.dll
+ 2008-04-14 00:12:04 178,176 ------w C:\WINDOWS\ServicePackFiles\i386\repdrvfs.dll
+ 2008-04-14 00:12:04 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\resutils.dll
+ 2008-04-14 00:12:33 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\rexec.exe
+ 2008-04-13 18:46:32 59,136 ------w C:\WINDOWS\ServicePackFiles\i386\rfcomm.sys
+ 2008-04-14 00:12:04 290,304 ------w C:\WINDOWS\ServicePackFiles\i386\rhttpaa.dll
+ 2008-04-14 00:12:04 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\riafres.dll
+ 2008-04-14 00:12:04 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\riafui1.dll
+ 2008-04-14 00:12:04 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\riafui2.dll
+ 2008-04-14 00:12:04 433,664 ------w C:\WINDOWS\ServicePackFiles\i386\riched20.dll
+ 2008-04-13 18:55:08 202,624 ------w C:\WINDOWS\ServicePackFiles\i386\rmcast.sys
+ 2008-04-13 18:56:49 30,592 ------w C:\WINDOWS\ServicePackFiles\i386\rndismp.sys
+ 2008-04-13 18:56:49 30,592 ------w C:\WINDOWS\ServicePackFiles\i386\rndismpx.sys
+ 2008-04-13 18:40:14 79,104 ------w C:\WINDOWS\ServicePackFiles\i386\rocket.sys
+ 2008-04-14 00:12:04 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\rpcref.dll
+ 2008-04-14 00:12:04 584,704 ------w C:\WINDOWS\ServicePackFiles\i386\rpcrt4.dll
+ 2008-04-14 00:12:04 399,360 ------w C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
+ 2008-04-14 00:12:04 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\rrcm.dll
+ 2008-04-13 17:37:57 208,384 ------w C:\WINDOWS\ServicePackFiles\i386\rsaenh.dll
+ 2008-04-14 00:12:33 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\rsh.exe
+ 2008-04-14 00:12:04 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\rshx32.dll
+ 2008-04-14 00:12:04 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\rsmps.dll
+ 2008-04-14 00:12:33 107,520 ------w C:\WINDOWS\ServicePackFiles\i386\rsnotify.exe
+ 2008-04-14 00:12:33 380,416 ------w C:\WINDOWS\ServicePackFiles\i386\rstrui.exe
+ 2008-04-14 00:12:04 92,672 ------w C:\WINDOWS\ServicePackFiles\i386\rsvpsp.dll
+ 2008-04-14 00:12:33 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\rtcshare.exe
+ 2008-04-14 00:12:04 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\rtipxmib.dll
+ 2004-08-03 14:31:34 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\rtl8139.sys
+ 2008-04-14 00:12:04 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\rtutils.dll
+ 2008-04-14 00:12:33 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
+ 2008-04-14 00:12:33 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\runonce.exe
+ 2008-04-14 00:12:04 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\rw001ext.dll
+ 2008-04-14 00:12:04 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\rw330ext.dll
+ 2008-04-14 00:12:04 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\rw430ext.dll
+ 2008-04-14 00:12:04 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\rw450ext.dll
+ 2008-04-14 00:12:04 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\rwnh.dll
+ 2008-04-14 00:12:04 397,056 ------w C:\WINDOWS\ServicePackFiles\i386\s3gnb.dll
+ 2004-08-04 03:29:52 166,912 ------w C:\WINDOWS\ServicePackFiles\i386\s3gnbm.sys
+ 2008-04-14 00:12:04 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\safrcdlg.dll
+ 2008-04-14 00:12:04 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\safrdm.dll
+ 2008-04-14 00:12:04 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\safrslv.dll
+ 2008-04-14 00:12:04 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\samlib.dll
+ 2008-04-14 00:12:04 415,744 ------w C:\WINDOWS\ServicePackFiles\i386\samsrv.dll
+ 2008-04-14 00:12:04 741,376 ------w C:\WINDOWS\ServicePackFiles\i386\sapi.dll
+ 2008-04-14 00:12:33 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\savedump.exe
+ 2008-04-14 00:12:04 270,848 ------w C:\WINDOWS\ServicePackFiles\i386\sbe.dll
+ 2008-04-14 00:12:04 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\sbeio.dll
+ 2008-04-13 18:40:48 43,904 ------w C:\WINDOWS\ServicePackFiles\i386\sbp2port.sys
+ 2008-04-14 00:12:04 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\scarddlg.dll
+ 2008-04-14 00:12:33 95,744 ------w C:\WINDOWS\ServicePackFiles\i386\scardsvr.exe
+ 2004-08-09 21:00:00 169,984 ------w C:\WINDOWS\ServicePackFiles\i386\sccbase.dll
+ 2008-04-14 00:12:05 171,008 ------w C:\WINDOWS\ServicePackFiles\i386\sccsccp.dll
+ 2008-04-14 00:12:05 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\scecli.dll
+ 2008-04-14 00:12:05 314,880 ------w C:\WINDOWS\ServicePackFiles\i386\scesrv.dll
+ 2008-04-14 00:12:05 144,384 ------w C:\WINDOWS\ServicePackFiles\i386\schannel.dll
+ 2008-04-14 00:12:05 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll
+ 2008-04-14 00:12:05 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\sclgntfy.dll
+ 2008-04-14 00:12:34 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\scrcons.exe
+ 2008-04-14 00:12:05 215,552 ------w C:\WINDOWS\ServicePackFiles\i386\script.dll
+ 2008-04-14 00:12:05 199,680 ------w C:\WINDOWS\ServicePackFiles\i386\scripta.dll
+ 2008-04-14 00:12:43 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\scrnsave.scr
+ 2008-04-14 00:12:05 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\scrobj.dll
+ 2008-04-14 00:12:05 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\scrrun.dll
+ 2008-04-13 18:40:30 96,384 ------w C:\WINDOWS\ServicePackFiles\i386\scsiport.sys
+ 2008-04-13 18:45:33 11,520 ------w C:\WINDOWS\ServicePackFiles\i386\scsiscan.sys
+ 2008-04-14 00:12:34 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\sctasks.exe
+ 2008-04-14 00:12:34 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\sdbinst.exe
+ 2008-04-13 18:36:44 79,232 ------w C:\WINDOWS\ServicePackFiles\i386\sdbus.sys
+ 2008-04-14 00:12:05 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\sdhcinst.dll
+ 2007-11-13 10:25:53 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\secdrv.sys
+ 2008-04-14 00:12:34 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\secedit.exe
+ 2008-04-14 00:12:05 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\seclogon.dll
+ 2006-12-31 12:57:08 4,569 ------w C:\WINDOWS\ServicePackFiles\i386\secupd.dat
+ 2008-04-14 00:12:05 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\secur32.dll
+ 2008-04-14 00:12:05 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\security.dll
+ 2008-04-14 00:12:05 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\sendcmsg.dll
+ 2008-04-14 00:12:05 54,784 ------w C:\WINDOWS\ServicePackFiles\i386\sendmail.dll
+ 2008-04-14 00:12:05 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\sens.dll
+ 2008-04-14 00:12:05 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\sensapi.dll
+ 2008-04-14 00:12:05 221,696 ------w C:\WINDOWS\ServicePackFiles\i386\seo.dll
+ 2008-04-13 18:40:12 15,744 ------w C:\WINDOWS\ServicePackFiles\i386\serenum.sys
+ 2008-04-13 19:15:45 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\serial.sys
+ 2008-04-14 00:12:05 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\servdeps.dll
+ 2008-04-14 00:12:34 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\services.exe
+ 2008-04-14 00:12:34 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe
+ 2008-04-14 00:12:34 31,232 ------w C:\WINDOWS\ServicePackFiles\i386\sethc.exe
+ 2007-12-17 11:59:54 66,592 ------w C:\WINDOWS\ServicePackFiles\i386\setregni.exe
+ 2008-04-14 00:12:34 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\setup.exe
+ 2008-04-14 00:12:34 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\setup50.exe
+ 2008-04-14 10:42:06 985,088 ------w C:\WINDOWS\ServicePackFiles\i386\setupapi.dll
+ 2008-04-14 00:12:35 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\setupn.exe
+ 2008-04-14 00:12:05 101,376 ------w C:\WINDOWS\ServicePackFiles\i386\setupqry.dll
+ 2008-04-14 00:12:05 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\sfc.dll
+ 2008-04-14 00:12:05 140,288 ------w C:\WINDOWS\ServicePackFiles\i386\sfc_os.dll
+ 2008-04-14 00:12:05 1,614,848 ------w C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
+ 2008-04-13 18:40:47 11,904 ------w C:\WINDOWS\ServicePackFiles\i386\sffdisk.sys
+ 2008-04-13 18:40:48 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\sffp_mmc.sys
+ 2008-04-13 18:40:47 11,008 ------w C:\WINDOWS\ServicePackFiles\i386\sffp_sd.sys
+ 2008-04-13 18:40:48 11,392 ------w C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
+ 2008-04-13 17:03:19 549,376 ------w C:\WINDOWS\ServicePackFiles\i386\shdoclc.dll
+ 2008-04-14 00:12:05 1,499,136 ------w C:\WINDOWS\ServicePackFiles\i386\shdocvw.dll
+ 2008-04-14 00:12:05 8,461,312 ------w C:\WINDOWS\ServicePackFiles\i386\shell32.dll
+ 2008-04-14 00:12:05 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\shfolder.dll
+ 2008-04-14 00:12:05 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\shgina.dll
+ 2008-04-14 00:12:05 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\shimeng.dll
+ 2008-04-14 00:12:05 438,272 ------w C:\WINDOWS\ServicePackFiles\i386\shimgvw.dll
+ 2008-04-14 00:12:05 474,112 ------w C:\WINDOWS\ServicePackFiles\i386\shlwapi.dll
+ 2008-04-14 00:12:35 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\shmgrate.exe
+ 2008-04-14 00:12:35 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\shrpubw.exe
+ 2008-04-14 00:12:05 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\shscrap.dll
+ 2008-04-14 00:12:05 135,168 ------w C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll
+ 2008-04-14 00:12:05 20,536 ------w C:\WINDOWS\ServicePackFiles\i386\shtml.dll
+ 2008-04-14 00:12:35 16,437 ------w C:\WINDOWS\ServicePackFiles\i386\shtml.exe
+ 2008-04-14 00:12:35 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\shutdown.exe
+ 2008-04-14 00:12:05 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\sigtab.dll
+ 2008-04-14 00:12:35 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\sigverif.exe
+ 2008-04-14 00:12:05 3,901 ------w C:\WINDOWS\ServicePackFiles\i386\siint5.dll
+ 2008-04-13 18:36:39 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\sisagp.sys
+ 2004-08-04 03:31:36 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\sisnic.sys
+ 2008-04-14 00:12:35 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\skeys.exe
+ 2004-08-04 03:31:42 63,547 ------w C:\WINDOWS\ServicePackFiles\i386\sla30nd5.sys
+ 2008-04-14 00:12:06 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\slayerxp.dll
+ 2004-08-09 21:00:00 306,176 ------w C:\WINDOWS\ServicePackFiles\i386\slbcsp.dll
+ 2008-04-14 00:12:06 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\slbiop.dll
+ 2008-04-14 00:12:06 73,832 ------w C:\WINDOWS\ServicePackFiles\i386\slcoinst.dll
+ 2008-04-14 00:12:06 286,792 ------w C:\WINDOWS\ServicePackFiles\i386\slextspk.dll
+ 2008-04-14 00:12:06 188,508 ------w C:\WINDOWS\ServicePackFiles\i386\slgen.dll
+ 2008-04-13 18:46:23 11,136 ------w C:\WINDOWS\ServicePackFiles\i386\slip.sys
+ 2004-08-04 03:41:42 129,535 ------w C:\WINDOWS\ServicePackFiles\i386\slnt7554.sys
+ 2004-08-04 03:41:44 404,990 ------w C:\WINDOWS\ServicePackFiles\i386\slntamr.sys
+ 2004-08-04 03:41:46 95,424 ------w C:\WINDOWS\ServicePackFiles\i386\slnthal.sys
+ 2008-04-14 00:12:35 32,866 ------w C:\WINDOWS\ServicePackFiles\i386\slrundll.exe
+ 2008-04-14 00:12:35 73,796 ------w C:\WINDOWS\ServicePackFiles\i386\slserv.exe
+ 2004-08-04 03:41:46 13,240 ------w C:\WINDOWS\ServicePackFiles\i386\slwdmsup.sys
+ 2008-04-13 18:36:34 5,888 ------w C:\WINDOWS\ServicePackFiles\i386\smbali.sys
+ 2008-04-13 18:36:33 16,000 ------w C:\WINDOWS\ServicePackFiles\i386\smbbatt.sys
+ 2008-04-13 18:36:33 6,912 ------w C:\WINDOWS\ServicePackFiles\i386\smbclass.sys
+ 2008-04-14 00:12:35 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\smbinst.exe
+ 2008-04-14 00:12:35 236,544 ------w C:\WINDOWS\ServicePackFiles\i386\smi2smir.exe
+ 2008-04-14 00:12:06 362,496 ------w C:\WINDOWS\ServicePackFiles\i386\smlogcfg.dll
+ 2008-04-14 00:12:35 89,600 ------w C:\WINDOWS\ServicePackFiles\i386\smlogsvc.exe
+ 2008-04-14 00:12:36 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\smss.exe
+ 2008-04-14 00:12:06 189,440 ------w C:\WINDOWS\ServicePackFiles\i386\smtpadm.dll
+ 2008-04-14 00:12:06 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\smtpapi.dll
+ 2008-04-14 00:12:06 2,134,528 ------w C:\WINDOWS\ServicePackFiles\i386\smtpsnap.dll
+ 2008-04-14 00:12:06 456,192 ------w C:\WINDOWS\ServicePackFiles\i386\smtpsvc.dll
+ 2008-04-14 00:12:36 131,584 ------w C:\WINDOWS\ServicePackFiles\i386\sndrec32.exe
+ 2008-04-14 00:12:06 34,816 ------w C:\WINDOWS\ServicePackFiles\i386\sniffpol.dll
+ 2008-04-14 00:12:36 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\snmp.exe
+ 2008-04-14 00:12:06 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\snmpapi.dll
+ 2008-04-14 00:12:06 259,072 ------w C:\WINDOWS\ServicePackFiles\i386\snmpcl.dll
+ 2008-04-14 00:12:06 358,400 ------w C:\WINDOWS\ServicePackFiles\i386\snmpincl.dll
+ 2008-04-14 00:12:06 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\snmpmib.dll
+ 2008-04-14 00:12:06 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\snmpsmir.dll
+ 2008-04-14 00:12:06 182,272 ------w C:\WINDOWS\ServicePackFiles\i386\snmpsnap.dll
+ 2008-04-14 00:12:06 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\snmpthrd.dll
+ 2008-04-14 00:12:36 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe
+ 2008-04-14 00:12:06 130,048 ------w C:\WINDOWS\ServicePackFiles\i386\softkbd.dll
+ 2008-04-13 18:40:52 7,552 ------w C:\WINDOWS\ServicePackFiles\i386\sonyait.sys
+ 2008-04-13 18:46:07 25,344 ------w C:\WINDOWS\ServicePackFiles\i386\sonydcam.sys
+ 2008-04-14 00:12:36 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\sort.exe
+ 2008-04-14 00:12:36 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\spdwnwxp.exe
+ 2008-04-13 16:43:18 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\spgrmr.dll
+ 2008-04-14 00:12:36 538,624 ------w C:\WINDOWS\ServicePackFiles\i386\spider.exe
+ 2008-04-13 18:43:31 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\spiisupd.exe
+ 2008-04-13 18:45:07 6,272 ------w C:\WINDOWS\ServicePackFiles\i386\splitter.sys
+ 2008-04-14 10:42:38 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\spnpinst.exe
+ 2008-04-14 00:12:06 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\spoolss.dll
+ 2008-04-14 00:12:36 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
+ 2008-04-13 18:35:06 186,880 ------w C:\WINDOWS\ServicePackFiles\i386\spra0401.dll
+ 2008-04-13 18:35:08 189,440 ------w C:\WINDOWS\ServicePackFiles\i386\spra0402.dll
+ 2008-04-13 18:35:09 161,280 ------w C:\WINDOWS\ServicePackFiles\i386\spra0404.dll
+ 2008-04-13 18:35:09 188,928 ------w C:\WINDOWS\ServicePackFiles\i386\spra0405.dll
+ 2008-04-13 18:35:09 192,000 ------w C:\WINDOWS\ServicePackFiles\i386\spra0406.dll
+ 2008-04-13 18:35:21 199,680 ------w C:\WINDOWS\ServicePackFiles\i386\spra0407.dll
+ 2008-04-13 18:35:11 197,632 ------w C:\WINDOWS\ServicePackFiles\i386\spra0408.dll
+ 2008-04-13 18:35:11 186,368 ------w C:\WINDOWS\ServicePackFiles\i386\spra040b.dll
+ 2008-04-13 18:35:20 197,632 ------w C:\WINDOWS\ServicePackFiles\i386\spra040c.dll
+ 2008-04-13 18:35:21 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\spra040d.dll
+ 2008-04-13 18:35:23 195,584 ------w C:\WINDOWS\ServicePackFiles\i386\spra040e.dll
+ 2008-04-13 18:35:23 195,072 ------w C:\WINDOWS\ServicePackFiles\i386\spra0410.dll
+ 2008-04-13 18:35:23 171,008 ------w C:\WINDOWS\ServicePackFiles\i386\spra0411.dll
+ 2008-04-13 18:35:23 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\spra0412.dll
+ 2008-04-13 18:35:25 196,096 ------w C:\WINDOWS\ServicePackFiles\i386\spra0413.dll
+ 2008-04-13 18:35:25 189,440 ------w C:\WINDOWS\ServicePackFiles\i386\spra0414.dll
+ 2008-04-13 18:35:26 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\spra0415.dll
+ 2008-04-13 18:35:08 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\spra0416.dll
+ 2008-04-13 18:35:27 190,464 ------w C:\WINDOWS\ServicePackFiles\i386\spra0418.dll
+ 2008-04-13 18:35:27 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\spra0419.dll
+ 2008-04-13 18:35:21 188,928 ------w C:\WINDOWS\ServicePackFiles\i386\spra041a.dll
+ 2008-04-13 18:35:28 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\spra041b.dll
+ 2008-04-13 18:35:28 188,928 ------w C:\WINDOWS\ServicePackFiles\i386\spra041d.dll
+ 2008-04-13 18:35:29 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\spra041e.dll
+ 2008-04-13 18:35:30 188,928 ------w C:\WINDOWS\ServicePackFiles\i386\spra041f.dll
+ 2008-04-13 18:35:28 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\spra0424.dll
+ 2008-04-13 18:35:11 186,880 ------w C:\WINDOWS\ServicePackFiles\i386\spra0425.dll
+ 2008-04-13 18:35:24 188,928 ------w C:\WINDOWS\ServicePackFiles\i386\spra0426.dll
+ 2008-04-13 18:35:24 189,952 ------w C:\WINDOWS\ServicePackFiles\i386\spra0427.dll
+ 2008-04-13 18:35:06 161,280 ------w C:\WINDOWS\ServicePackFiles\i386\spra0804.dll
+ 2008-04-13 18:35:26 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\spra0816.dll
+ 2008-04-13 18:35:11 196,096 ------w C:\WINDOWS\ServicePackFiles\i386\spra0c0a.dll
+ 2008-04-13 18:35:49 2,869,248 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0401.dll
+ 2008-04-13 18:36:10 477,696 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0404.dll
+ 2008-04-13 18:36:10 734,720 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0405.dll
+ 2008-04-13 18:36:10 742,912 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0406.dll
+ 2008-04-13 18:37:03 788,480 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0407.dll
+ 2008-04-13 18:36:35 801,280 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0408.dll
+ 2008-04-13 18:36:39 729,088 ------w C:\WINDOWS\ServicePackFiles\i386\sprb040b.dll
+ 2008-04-13 18:36:55 793,088 ------w C:\WINDOWS\ServicePackFiles\i386\sprb040c.dll
+ 2008-04-13 18:37:07 2,842,112 ------w C:\WINDOWS\ServicePackFiles\i386\sprb040d.dll
+ 2008-04-13 18:37:22 769,536 ------w C:\WINDOWS\ServicePackFiles\i386\sprb040e.dll
+ 2008-04-13 18:37:22 769,536 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0410.dll
+ 2008-04-13 18:37:34 562,688 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0411.dll
+ 2008-04-13 18:37:37 543,744 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0412.dll
+ 2008-04-13 18:38:00 769,024 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0413.dll
+ 2008-04-13 18:38:02 716,288 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0414.dll
+ 2008-04-13 18:38:05 759,808 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0415.dll
+ 2008-04-13 18:35:43 752,128 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0416.dll
+ 2008-04-13 18:38:28 736,768 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0419.dll
+ 2008-04-13 18:38:37 757,248 ------w C:\WINDOWS\ServicePackFiles\i386\sprb041b.dll
+ 2008-04-13 18:38:47 724,480 ------w C:\WINDOWS\ServicePackFiles\i386\sprb041d.dll
+ 2008-04-13 18:38:51 724,480 ------w C:\WINDOWS\ServicePackFiles\i386\sprb041f.dll
+ 2008-04-13 18:38:36 732,160 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0424.dll
+ 2008-04-13 18:35:54 470,016 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0804.dll
+ 2008-04-13 18:38:06 751,616 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0816.dll
+ 2008-04-13 18:36:38 773,632 ------w C:\WINDOWS\ServicePackFiles\i386\sprb0c0a.dll
+ 2008-04-13 18:39:02 656,896 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0401.dll
+ 2008-04-13 18:39:13 327,680 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0404.dll
+ 2008-04-13 18:39:02 601,088 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0405.dll
+ 2008-04-13 18:39:12 605,696 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0406.dll
+ 2008-04-13 18:39:19 663,552 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0407.dll
+ 2008-04-13 18:39:12 679,936 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0408.dll
+ 2008-04-13 18:39:17 604,672 ------w C:\WINDOWS\ServicePackFiles\i386\sprc040b.dll
+ 2008-04-13 18:39:20 663,040 ------w C:\WINDOWS\ServicePackFiles\i386\sprc040c.dll
+ 2008-04-13 18:39:28 620,544 ------w C:\WINDOWS\ServicePackFiles\i386\sprc040d.dll
+ 2008-04-13 18:39:28 645,120 ------w C:\WINDOWS\ServicePackFiles\i386\sprc040e.dll
+ 2008-04-13 18:39:28 658,432 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0410.dll
+ 2008-04-13 18:39:49 412,672 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0411.dll
+ 2008-04-13 18:39:49 392,704 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0412.dll
+ 2008-04-13 18:39:47 645,120 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0413.dll
+ 2008-04-13 18:39:48 591,872 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0414.dll
+ 2008-04-13 18:39:52 641,024 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0415.dll
+ 2008-04-13 18:38:56 620,032 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0416.dll
+ 2008-04-13 18:39:56 627,200 ------w C:\WINDOWS\ServicePackFiles\i386\sprc0419.dll
+ 2008-04-13 18:40:04 577,536 ------w C:\WINDOWS\ServicePackFiles\i386\sprc041b.dll
+ 2008-04-13 18:40:05 590,848 ------w C:\WINDOWS\ServicePackFiles\i386\sprc041d.dll
+ 2008-04-13 18:40:09 592,896 ------w C:\WINDOWS\ServicePackFiles\i386\sprc041f.dll
+ 2008-04-13 18:40:05 5
  • 0

#11
Rabell

Rabell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
here is this Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:45 AM, on 5/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKCU\..\Run: [PHONE SURF] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PROGRA~1\FlapAxis.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKUS\S-1-5-21-180328301-726900715-2737616995-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: ljJAtTkJ - ljJAtTkJ.dll (file missing)
O20 - Winlogon Notify: ssqpmml - ssqpmml.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 13649 bytes
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKCU\..\Run: [PHONE SURF] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PROGRA~1\FlapAxis.exe
O4 - HKCU\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O20 - Winlogon Notify: ljJAtTkJ - ljJAtTkJ.dll (file missing)
O20 - Winlogon Notify: ssqpmml - ssqpmml.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\DOCUME~1\HP_ADM~1\APPLIC~1\PROGRA~1\FlapAxis.exe

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Also post a new HijackThis log
  • 0

#13
Rabell

Rabell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello.

Here you go..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:02 PM, on 5/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-21-180328301-726900715-2737616995-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'LogMeInRemoteUser')
O4 - S-1-5-21-180328301-726900715-2737616995-1008 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 13144 bytes



combofix:

ComboFix 08-05-19.4 - HP_Administrator 2008-05-21 13:02:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\My Documents\diag russ\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\My Documents\diag russ\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\DOCUME~1\HP_ADM~1\APPLIC~1\PROGRA~1\FlapAxis.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-20 21:33 . 2008-05-20 21:33 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-20 21:33 . 2008-05-20 21:33 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-20 21:33 . 2008-05-20 21:33 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-20 21:33 . 2008-05-20 21:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-20 21:29 . 2008-05-20 21:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-20 21:07 . 2008-04-13 19:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-05-20 21:06 . 2008-04-13 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-20 15:27 . 2008-05-20 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-05-19 14:40 . 2008-05-19 14:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-19 14:32 . 2008-05-19 14:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-19 13:25 . 2006-09-15 20:42 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\WINDOWS
2008-05-19 13:25 . 2006-09-15 20:43 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Intuit
2008-05-19 13:25 . 2007-11-21 07:19 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Apple Computer
2008-05-19 13:25 . 2008-05-21 11:45 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser
2008-05-19 13:25 . 2008-05-21 12:49 1,024 --ah----- C:\Documents and Settings\LogMeInRemoteUser\ntuser.dat.LOG
2008-05-18 20:38 . 2008-05-18 20:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-05-18 20:25 . 2008-05-18 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-18 20:25 . 2008-04-30 18:08 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-18 20:25 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-05-18 20:25 . 2008-04-30 18:08 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-05-18 20:24 . 2008-05-21 10:11 <DIR> d-------- C:\Program Files\LogMeIn
2008-05-18 20:24 . 2008-04-30 18:08 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-05-18 20:24 . 2008-05-18 20:24 1,024 --a------ C:\.rnd
2008-05-18 20:02 . 2008-05-18 20:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 15:29 . 2008-05-07 15:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\GamesCafe
2008-05-07 15:29 . 2008-05-07 15:29 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-30 18:08 . 2008-04-30 18:08 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-04-30 18:08 . 2008-04-30 18:08 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll
2008-04-26 12:18 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-26 12:18 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-26 12:18 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-26 12:12 . 2008-04-26 12:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\FUJIFILM
2008-04-26 12:11 . 2008-05-03 18:10 <DIR> d-------- C:\Program Files\FinePixViewer
2008-04-26 12:11 . 2008-04-26 12:11 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2008-04-26 12:11 . 2003-09-03 16:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-04-26 12:11 . 2006-07-12 14:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-04-26 12:11 . 2004-07-24 21:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-04-26 12:10 . 2008-04-26 12:10 <DIR> d-------- C:\Program Files\REGSHAVE
2008-04-26 12:10 . 2001-11-25 06:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-04-26 12:10 . 2002-02-05 11:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-04-26 12:10 . 2002-02-27 06:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-04-26 12:10 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-04-26 12:10 . 2002-02-13 05:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 15:27 --------- d-----w C:\Program Files\Windows Defender
2008-05-21 15:27 --------- d-----w C:\Program Files\QuickTime
2008-05-21 15:27 --------- d-----w C:\Program Files\iTunes
2008-05-21 15:27 --------- d-----w C:\Program Files\HP DigitalMedia Archive
2008-05-21 02:40 208,896 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-05-21 02:39 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-05-21 02:39 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-05-21 02:39 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-05-21 02:39 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-05-21 02:39 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-05-21 02:39 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-05-21 02:39 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-05-21 02:39 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-05-20 01:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-05-19 01:04 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\ComcastToolbar
2008-05-18 23:41 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-05-18 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-17 00:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-17 00:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-05-03 14:19 --------- d-----w C:\Program Files\LimeWire
2008-04-26 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 19:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\MSN6
2008-04-21 20:20 --------- d-----w C:\Program Files\McAfee
2008-04-16 02:00 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\funkitron
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 00:10 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 00:10 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 00:10 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 00:10 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-21_10.56.05.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 15:23:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 16:07:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04 5562368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-15 20:32 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 15:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 21:23 663552]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 17:14 237568]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"PCDrProfiler"="" []
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15 151552]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2006-01-13 01:46 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 01:46 196608]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 17:34 249856]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-23 07:44 86016]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 04:05 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Live Messenger"="LiveMssngr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04 5562368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 19:12 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-09-15 20:00:58 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-15 20:00:58 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-04-26 12:11:22 303104]
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2006-12-25 09:32:04 184320]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54 65588]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-09-15 20:47:44 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
Debugger="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 01:46]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 00:55:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-21 09:00:01 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-05-19 06:03:06 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-19 06:01:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe.3855 7
"2008-05-21 16:11:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 13:09:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-21 13:15:38
ComboFix-quarantined-files.txt 2008-05-21 18:14:34
ComboFix2.txt 2008-05-21 15:58:03

Pre-Run: 192,804,794,368 bytes free
Post-Run: 192,785,203,200 bytes free

279 --- E O F --- 2008-05-17 05:01:28


Russ
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKLM\..\RunServices: [Microsoft Live Messenger] LiveMssngr.exe


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Reboot and post a new HijackThis log and tell me how your PC is running
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP