
Security toolbar 7.1 help! [CLOSED]


  • This topic is locked

#1
df8665

    New Member

This is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:57 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\ljjihgh.dll (file missing)
O2 - BHO: (no name) - {98EC6181-56D9-4D79-9FBE-326BC51ED84d} - C:\WINDOWS\system32\sqtvtxio.dll
O2 - BHO: (no name) - {A4C0A972-A0A4-47D8-B4F9-590B0C46CC07} - C:\WINDOWS\system32\sqtvtxio.dll
O2 - BHO: (no name) - {A7260504-9D09-4E36-BD74-8ED3FFF888E2} - C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mpxzkrai.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\fcyyyyw.dll
O2 - BHO: {d52a0167-cff8-c26b-ed64-4c2f4014811c} - {c1184104-f2c4-46de-b62c-8ffc7610a25d} - C:\WINDOWS\system32\uvmkdkob.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mpxzkrai.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...29.8/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.67
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: fcyyyyw - C:\WINDOWS\SYSTEM32\fcyyyyw.dll
O20 - Winlogon Notify: ljjihgh - ljjihgh.dll (file missing)
O20 - Winlogon Notify: mpxzkrai - C:\WINDOWS\SYSTEM32\mpxzkrai.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


#2
andrewuk

    Trusted Helper

Hi df8665

welcome to geekstogo :)

If you have already downloaded ComboFix, then could you delete the current version of ComboFix you have and then follow these instructions:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

andrewuk

#3
df8665

    New Member

Thanks for the help, this is my ComboFix log:

ComboFix 08-06-19.1 - HP_Administrator 2008-06-19 23:58:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1561 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21060
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22254
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22257
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22913
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23149
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23849
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24341
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24996
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\251492
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27505
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\286256
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\30854
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32148
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32276
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32418
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3338
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34107
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34174
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34237
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\346468
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34952
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35000
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\361427
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39245
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41115
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43719
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44293
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4442
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\455641
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\459338
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\475788
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51495
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51666
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52248
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5358
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54220
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54469
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\547723
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58804
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59139
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\604347
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61207
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64404
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64605
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\65770
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66836
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\67226
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\69263
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\70375
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\70650
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\713199
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\73282
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\733622
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\73387
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744726
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744786
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744934
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744999
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745019
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745148
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745175
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745326
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\748329
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\7521
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\752651
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753094
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\75743
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\75746
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79806
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79972
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79989
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\81566
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\82120
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\82292
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\8443
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\85522
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86090
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86587
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86993
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\872
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\873
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90358
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93921
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\94230
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\94778
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\95803
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\95825
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\95828
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\97964
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\35ae.dat
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\35af.dat
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\t2_bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\theweb.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip
C:\Documents and Settings\HP_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\ActivationManager.dll
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\dobe~1
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\network monitor
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\BMdf27997d.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\mbols~1
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aawhtsby.dll
C:\WINDOWS\system32\acbeg.bak1
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\adayoqvs.dll
C:\WINDOWS\system32\afddynot.ini
C:\WINDOWS\system32\aghwvxbw.dll
C:\WINDOWS\system32\alnqpvpm.ini
C:\WINDOWS\system32\amsukven.ini
C:\WINDOWS\system32\amtyemyx.ini
C:\WINDOWS\system32\anqtyptc.dll
C:\WINDOWS\system32\apcjhugw.ini
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\apxxubdi.ini
C:\WINDOWS\system32\aqgasdnu.dll
C:\WINDOWS\system32\arnlbfic.ini
C:\WINDOWS\system32\arypruiu.dll
C:\WINDOWS\system32\asmrbrkm.dll
C:\WINDOWS\system32\atreeykp.dll
C:\WINDOWS\system32\avcytebw.ini
C:\WINDOWS\system32\axfnhqqj.dll
C:\WINDOWS\system32\aypkwxmw.dll
C:\WINDOWS\system32\bblepttb.ini
C:\WINDOWS\system32\bdthlevh.dll
C:\WINDOWS\system32\bgafudpp.dll
C:\WINDOWS\system32\biwijsdj.dll
C:\WINDOWS\system32\blssaekq.dll
C:\WINDOWS\system32\bluyjudv.dll
C:\WINDOWS\system32\blwqfdhm.ini
C:\WINDOWS\system32\bmiodqxn.dll
C:\WINDOWS\system32\bnakpexy.ini
C:\WINDOWS\system32\brexfuvq.dll
C:\WINDOWS\system32\brfntgtd.ini
C:\WINDOWS\system32\brrwiqlh.dll
C:\WINDOWS\system32\bskmdvig.ini
C:\WINDOWS\system32\btlwhtxv.dll
C:\WINDOWS\system32\bttpelbb.dll
C:\WINDOWS\system32\bumcdyhu.ini
C:\WINDOWS\system32\bwdqwrhi.dll
C:\WINDOWS\system32\bwrumorb.ini
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\ceattqda.dll
C:\WINDOWS\system32\cfevdwmr.ini
C:\WINDOWS\system32\chdilhmw.dll
C:\WINDOWS\system32\chigksad.dll
C:\WINDOWS\system32\chtrsxpw.dll
C:\WINDOWS\system32\chwqbmpr.dll
C:\WINDOWS\system32\cifblnra.dll
C:\WINDOWS\system32\cipscylp.ini
C:\WINDOWS\system32\cjgrlnov.dll
C:\WINDOWS\system32\cjjjajcg.dll
C:\WINDOWS\system32\cmddavkt.ini
C:\WINDOWS\system32\cmubprsd.ini
C:\WINDOWS\system32\cnvqtqjx.dll
C:\WINDOWS\system32\codifrun.dll
C:\WINDOWS\system32\coignwli.dll
C:\WINDOWS\system32\cqbcihnx.ini
C:\WINDOWS\system32\crpurapc.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ctsgdffn.dll
C:\WINDOWS\system32\cupccxhg.ini
C:\WINDOWS\system32\cwfcqrcx.dll
C:\WINDOWS\system32\cwuljjyg.ini
C:\WINDOWS\system32\cwxcitfa.dll
C:\WINDOWS\system32\datmoasj.dll
C:\WINDOWS\system32\davakwbp.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddirnhom.dll
C:\WINDOWS\system32\ddnhmoju.dll
C:\WINDOWS\system32\dgbstjcl.dll
C:\WINDOWS\system32\dgccbpup.ini
C:\WINDOWS\system32\djbgaceg.dll
C:\WINDOWS\system32\djesdjuh.dll
C:\WINDOWS\system32\djiciboq.ini
C:\WINDOWS\system32\djycpemj.ini
C:\WINDOWS\system32\dmfctxsp.dll
C:\WINDOWS\system32\dnebcwvk.dll
C:\WINDOWS\system32\doxmpxfw.dll
C:\WINDOWS\system32\dpanouuo.dll
C:\WINDOWS\system32\dquctjdn.dll
C:\WINDOWS\system32\drhiwqdx.dll
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drokfmui.dll
C:\WINDOWS\system32\dtegmcvp.dll
C:\WINDOWS\system32\dtgtnfrb.dll
C:\WINDOWS\system32\dvebbweq.dll
C:\WINDOWS\system32\dvexbvqj.dll
C:\WINDOWS\system32\dvpkwgvh.dll
C:\WINDOWS\system32\dyqsffpn.ini
C:\WINDOWS\system32\ebvrbdcu.dll
C:\WINDOWS\system32\edlvjkej.ini
C:\WINDOWS\system32\eekkbdtb.dll
C:\WINDOWS\system32\eeqidsgn.dll
C:\WINDOWS\system32\efkxwncy.dll
C:\WINDOWS\system32\efviqbkg.dll
C:\WINDOWS\system32\egmqungp.dll
C:\WINDOWS\system32\ehvtwbxy.dll
C:\WINDOWS\system32\ejxdxudg.dll
C:\WINDOWS\system32\eqdnxwdj.dll
C:\WINDOWS\system32\eqnfqqte.dll
C:\WINDOWS\system32\esiyupin.dll
C:\WINDOWS\system32\etvvmcrl.dll
C:\WINDOWS\system32\etyuagnq.ini
C:\WINDOWS\system32\eubewb

#4
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Your ComboFix log got cut off (seems ComboFix has deleted plenty of infections :) ).

The forum has a limit on how long each post can be, so could you post the rest of the ComboFix log? You may have to post it over several posts.

andrewuk

#5
df8665

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
C:\WINDOWS\system32\sdjmoavk.dll
C:\WINDOWS\system32\sdmewuxq.dll
C:\WINDOWS\system32\sfvdptuf.dll
C:\WINDOWS\system32\sgjtwcky.dll
C:\WINDOWS\system32\shrierxu.ini
C:\WINDOWS\system32\shsftxqx.dll
C:\WINDOWS\system32\sjgujrrh.dll
C:\WINDOWS\system32\slimqdoo.ini
C:\WINDOWS\system32\slrgxtnr.ini
C:\WINDOWS\system32\sqtvtxio.dll
C:\WINDOWS\system32\srllinlj.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\stidiveq.dll
C:\WINDOWS\system32\stsvvplo.ini
C:\WINDOWS\system32\stwuponv.dll
C:\WINDOWS\system32\subankwx.dll
C:\WINDOWS\system32\suhwalit.ini
C:\WINDOWS\system32\suxtkhnl.dll
C:\WINDOWS\system32\svxajvia.dll
C:\WINDOWS\system32\sxbgvpec.dll
C:\WINDOWS\system32\taehlean.ini
C:\WINDOWS\system32\tandwnsy.dll
C:\WINDOWS\system32\tbvejojp.dll
C:\WINDOWS\system32\texrcahj.dll
C:\WINDOWS\system32\tkmvhcrk.ini
C:\WINDOWS\system32\tlcsnbdf.dll
C:\WINDOWS\system32\tlrnckxv.dll
C:\WINDOWS\system32\tmskwbbj.dll
C:\WINDOWS\system32\toblukqh.dll
C:\WINDOWS\system32\tonyddfa.dll
C:\WINDOWS\system32\tosbaxbv.dll
C:\WINDOWS\system32\tosmmvpo.dll
C:\WINDOWS\system32\tpacenwf.dll
C:\WINDOWS\system32\tptgtfmr.ini
C:\WINDOWS\system32\ttrrypgg.dll
C:\WINDOWS\system32\tvmdspwu.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\tvvwa.tmp
C:\WINDOWS\system32\tvxvinqr.ini
C:\WINDOWS\system32\tvyfeojo.ini
C:\WINDOWS\system32\tyjskpon.ini
C:\WINDOWS\system32\tyxqkjmr.ini
C:\WINDOWS\system32\uaricmqj.dll
C:\WINDOWS\system32\uarilixw.dll
C:\WINDOWS\system32\ubrdgnnp.dll
C:\WINDOWS\system32\ucbpcxnj.ini
C:\WINDOWS\system32\uciusvnr.dll
C:\WINDOWS\system32\ueeeslyt.dll
C:\WINDOWS\system32\ufwmxvex.ini
C:\WINDOWS\system32\ugkdlftf.dll
C:\WINDOWS\system32\ugnfivav.ini
C:\WINDOWS\system32\uguiwrqj.dll
C:\WINDOWS\system32\uhydcmub.dll
C:\WINDOWS\system32\uipcveug.dll
C:\WINDOWS\system32\ujomhndd.ini
C:\WINDOWS\system32\ukslowxt.dll
C:\WINDOWS\system32\ulkfxaia.dll
C:\WINDOWS\system32\unounbhw.dll
C:\WINDOWS\system32\uodxvacv.dll
C:\WINDOWS\system32\upseqqwi.dll
C:\WINDOWS\system32\usdupfpi.dll
C:\WINDOWS\system32\utowoutq.dll
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\uuhscluv.ini
C:\WINDOWS\system32\uvnlldpb.dll
C:\WINDOWS\system32\uvproipp.dll
C:\WINDOWS\system32\uvvgiueu.dll
C:\WINDOWS\system32\uxebgkfw.ini
C:\WINDOWS\system32\uxeepeas.dll
C:\WINDOWS\system32\uxreirhs.dll
C:\WINDOWS\system32\uyqswbye.dll
C:\WINDOWS\system32\vaukbtoe.ini
C:\WINDOWS\system32\vavifngu.dll
C:\WINDOWS\system32\vbxabsot.ini
C:\WINDOWS\system32\vcbtybgp.dll
C:\WINDOWS\system32\vcnexaxx.dll
C:\WINDOWS\system32\vdkjtlwh.dll
C:\WINDOWS\system32\vdwxkguc.dll
C:\WINDOWS\system32\vdxgqtxj.ini
C:\WINDOWS\system32\vfpftcpr.dll
C:\WINDOWS\system32\vhmcgixj.dll
C:\WINDOWS\system32\vhoynhnd.ini
C:\WINDOWS\system32\vituxvve.ini
C:\WINDOWS\system32\vkpcqmdd.dll
C:\WINDOWS\system32\vkubdivm.dll
C:\WINDOWS\system32\vlfnlyri.dll
C:\WINDOWS\system32\vmhvasrm.ini
C:\WINDOWS\system32\vmskpekw.ini
C:\WINDOWS\system32\vnopuwts.ini
C:\WINDOWS\system32\vonlrgjc.ini
C:\WINDOWS\system32\vqtlthwf.ini
C:\WINDOWS\system32\vtttmkyl.ini
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtycijqh.dll
C:\WINDOWS\system32\vulcshuu.dll
C:\WINDOWS\system32\vutnudpt.dll
C:\WINDOWS\system32\vvadhdal.ini
C:\WINDOWS\system32\vvbkkdgc.dll
C:\WINDOWS\system32\vvwjgpsw.ini
C:\WINDOWS\system32\vxcjwtph.dll
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vynmmiyk.dll
C:\WINDOWS\system32\wbetycva.dll
C:\WINDOWS\system32\wbxvwhga.ini
C:\WINDOWS\system32\wetesxjg.ini
C:\WINDOWS\system32\wfkgbexu.dll
C:\WINDOWS\system32\wfxpmxod.ini
C:\WINDOWS\system32\wgbxyhfr.dll
C:\WINDOWS\system32\whyxlxiu.dll
C:\WINDOWS\system32\wifyxuph.ini
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wkepksmv.dll
C:\WINDOWS\system32\wkqkasfe.dll
C:\WINDOWS\system32\wltsgano.ini
C:\WINDOWS\system32\wmfijuje.dll
C:\WINDOWS\system32\wmhlidhc.ini
C:\WINDOWS\system32\wmlccxcr.ini
C:\WINDOWS\system32\wmwifout.dll
C:\WINDOWS\system32\wpvlyvdt.dll
C:\WINDOWS\system32\wtgpkxwk.ini
C:\WINDOWS\system32\wtusldji.ini
C:\WINDOWS\system32\wtyoudaf.ini
C:\WINDOWS\system32\wvebuxty.ini
C:\WINDOWS\system32\wvwssbcl.ini
C:\WINDOWS\system32\wwaqghcb.dll
C:\WINDOWS\system32\wxgtkfnt.ini
C:\WINDOWS\system32\wxknpcsi.dll
C:\WINDOWS\system32\xcrqcfwc.ini
C:\WINDOWS\system32\xdefdukc.dll
C:\WINDOWS\system32\xdgctkvj.dll
C:\WINDOWS\system32\xdnympbn.dll
C:\WINDOWS\system32\xfvypfeu.dll
C:\WINDOWS\system32\xjfbijif.dll
C:\WINDOWS\system32\xkamafxl.dll
C:\WINDOWS\system32\xkkrsjsa.dll
C:\WINDOWS\system32\xlguduvx.dll
C:\WINDOWS\system32\xlqmxkqo.ini
C:\WINDOWS\system32\xofslaum.dll
C:\WINDOWS\system32\xowwgpve.dll
C:\WINDOWS\system32\xpftfmfd.dll
C:\WINDOWS\system32\xqqbntyh.dll
C:\WINDOWS\system32\xqxtfshs.ini
C:\WINDOWS\system32\xrdrhujq.dll
C:\WINDOWS\system32\xtdbrqxl.dll
C:\WINDOWS\system32\xtsjterj.ini
C:\WINDOWS\system32\xtspcpjr.dll
C:\WINDOWS\system32\xvuduglx.ini
C:\WINDOWS\system32\xxaxencv.ini
C:\WINDOWS\system32\xxnncrbn.dll
C:\WINDOWS\system32\xyvfqjmj.dll
C:\WINDOWS\system32\yapkhqds.ini
C:\WINDOWS\system32\yarfaqtu.dll
C:\WINDOWS\system32\ybsthwaa.ini
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycnwxkfe.ini
C:\WINDOWS\system32\ydjtdiwo.ini
C:\WINDOWS\system32\ydlvhvvl.ini
C:\WINDOWS\system32\yjwoylpw.ini
C:\WINDOWS\system32\ykcwtjgs.ini
C:\WINDOWS\system32\yrrpbqwe.dll
C:\WINDOWS\system32\ysgjqsto.dll
C:\WINDOWS\system32\ytekkgmp.dll
C:\WINDOWS\system32\yvsfcpto.dll
C:\WINDOWS\system32\yxepkanb.dll
C:\WINDOWS\system32\yxnhsodq.dll
C:\WINDOWS\system32\yxpicinh.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE
-------\Legacy_NETWORK_MONITOR
-------\Service_core
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-19 12:28 . 2008-06-19 12:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 02:17 . 2008-06-20 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 02:09 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-06-18 02:08 . 2008-06-18 02:09 <DIR> d-------- C:\Program Files\Syncrosoft
2008-06-18 02:08 . 2005-02-01 04:34 700,416 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-06-18 02:08 . 2004-05-11 00:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-06-18 02:08 . 2003-08-01 05:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-06-18 02:08 . 2003-05-27 00:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-06-18 02:08 . 2003-05-27 00:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-06-18 02:08 . 2002-11-25 17:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-06-18 02:08 . 2001-04-09 14:03 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys
2008-06-18 02:08 . 2002-11-25 14:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 09:14 --------- d-----w C:\Program Files\QuickTime
2008-06-19 09:13 --------- d-----w C:\Program Files\music_now
2008-06-19 09:10 --------- d-----w C:\Program Files\iTunes
2008-06-19 09:06 --------- d-----w C:\Program Files\HP DigitalMedia Archive
2008-06-19 08:55 --------- d-----w C:\Program Files\America Online 9.0
2008-06-19 06:23 --------- d-----w C:\Program Files\DISC
2008-06-19 06:23 --------- d-----w C:\Program Files\BellSouthWCC
2008-06-18 06:10 --------- d-----w C:\Program Files\VstPlugins
2008-06-18 04:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-06-17 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-09 19:56 167 ----a-w C:\Documents and Settings\HP_Administrator\6297.bat
2007-07-09 19:53 167 ----a-w C:\Documents and Settings\HP_Administrator\6455.bat
2007-07-09 14:24 167 ----a-w C:\Documents and Settings\HP_Administrator\4331.bat
2007-07-08 00:42 167 ----a-w C:\Documents and Settings\HP_Administrator\5767.bat
2007-07-08 00:32 167 ----a-w C:\Documents and Settings\HP_Administrator\8172.bat
2007-07-07 21:25 167 ----a-w C:\Documents and Settings\HP_Administrator\2742.bat
2007-07-06 00:33 167 ----a-w C:\Documents and Settings\HP_Administrator\4312.bat
2007-06-18 00:46 167 ----a-w C:\Documents and Settings\HP_Administrator\5382.bat
2007-06-17 19:06 167 ----a-w C:\Documents and Settings\HP_Administrator\9774.bat
2007-06-17 18:29 167 ----a-w C:\Documents and Settings\HP_Administrator\3440.bat
2007-06-17 18:02 167 ----a-w C:\Documents and Settings\HP_Administrator\1000.bat
2007-06-16 14:52 167 ----a-w C:\Documents and Settings\HP_Administrator\9223.bat
2007-06-16 04:02 167 ----a-w C:\Documents and Settings\HP_Administrator\5619.bat
2007-06-15 16:08 167 ----a-w C:\Documents and Settings\HP_Administrator\7207.bat
2007-06-15 06:48 167 ----a-w C:\Documents and Settings\HP_Administrator\9112.bat
2007-06-15 05:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9963.bat
2007-06-15 04:19 167 ----a-w C:\Documents and Settings\HP_Administrator\9566.bat
2007-06-15 01:41 167 ----a-w C:\Documents and Settings\HP_Administrator\6408.bat
2007-06-14 18:51 167 ----a-w C:\Documents and Settings\HP_Administrator\2314.bat
2007-06-13 17:43 167 ----a-w C:\Documents and Settings\HP_Administrator\3116.bat
2007-06-11 20:04 167 ----a-w C:\Documents and Settings\HP_Administrator\5853.bat
2007-06-11 19:12 167 ----a-w C:\Documents and Settings\HP_Administrator\2670.bat
2007-06-10 19:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9174.bat
2007-06-10 07:44 167 ----a-w C:\Documents and Settings\HP_Administrator\3197.bat
2007-06-10 03:59 167 ----a-w C:\Documents and Settings\HP_Administrator\8785.bat
2007-02-26 17:53 67,048 ----a-w C:\Program Files\INSTALL.LOG
.
<pre>
----a-w			50,776 2008-06-19 01:09:15  C:\Program Files\America Online 9.0\AOL .EXE
----a-w		 1,896,448 2008-06-18 00:56:54  C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager .exe
----a-w		   884,736 2008-01-31 21:52:09  C:\Program Files\BellSouth\HelpCenter\ssGet			 .exe
----a-w		   543,232 2008-06-18 00:56:49  C:\Program Files\BellSouthWCC\McciTrayApp .exe
----a-w			50,736 2008-06-18 00:57:04  C:\Program Files\Common Files\AOL\1164764026\EE\aolsoftware .exe
----a-w			71,216 2008-06-18 00:56:38  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
----a-w			81,920 2008-06-18 00:57:10  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   221,184 2008-06-18 00:59:39  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w		   180,269 2008-06-19 01:00:12  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		 1,077,248 2008-06-18 00:56:29  C:\Program Files\DISC\DISCover .exe
----a-w			61,440 2008-06-18 00:56:31  C:\Program Files\DISC\DiscUpdMgr .exe
----a-w			68,856 2008-02-17 02:55:24  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w			49,152 2008-06-18 00:56:27  C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exe
----a-w			49,152 2008-06-18 00:56:37  C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
----a-w			90,112 2008-06-18 00:56:33  C:\Program Files\HP DigitalMedia Archive\DMAScheduler .exe
----a-w		   267,048 2008-06-18 00:57:05  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,694,208 2008-01-27 06:02:31  C:\Program Files\Messenger\msmsgs .exe
----a-w		 1,277,952 2008-06-18 00:56:54  C:\Program Files\Support.com\BellSouth\hcenter .exe
----a-w		 3,461,120 2008-06-17 22:17:31  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
----a-w			64,512 2008-06-17 22:06:05  C:\WINDOWS\ehome\ehtray .exe
----a-w		   237,568 2008-06-18 00:56:35  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			15,360 2008-01-24 20:49:10  C:\WINDOWS\system32\ctfmon .exe
----a-w		   419,328 2008-06-18 22:22:17  C:\WINDOWS\system32\service   .exe
----a-w		   419,328 2008-06-18 06:08:42  C:\WINDOWS\system32\service  .exe
----a-w		   419,328 2008-01-24 21:26:47  C:\WINDOWS\system32\service .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3}]
C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7260504-9D09-4E36-BD74-8ED3FFF888E2}]
C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-06-20 00:12 145984 --------- C:\WINDOWS\system32\mpxzkrai.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1184104-f2c4-46de-b62c-8ffc7610a25d}]
C:\WINDOWS\system32\uvmkdkob.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= "C:\WINDOWS\system32\mpxzkrai.dll" [2008-06-20 00:12 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 22:15 7311360]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [ ]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [ ]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [ ]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [ ]
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 14:08:24 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-25 18:02:07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt]
C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjihgh]
ljjihgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mpxzkrai]
mpxzkrai.dll 2008-06-20 00:12 145984 C:\WINDOWS\system32\mpxzkrai.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\WINDOWS\system32\akxlabtg.exe"= C:\WINDOWS\system32\akx
"C:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"C:\WINDOWS\system32\qofiplxv.exe"= C:\WINDOWS\system32\qof
"C:\WINDOWS\system32\kmhmlbln.exe"= C:\WINDOWS\system32\kmh
"C:\WINDOWS\system32\sttodput.exe"= C:\WINDOWS\system32\stt
"C:\WINDOWS\system32\gswsqpoo.exe"= C:\WINDOWS\system32\gsw
"C:\WINDOWS\system32\csiaeejv.exe"= C:\WINDOWS\system32\csi
"C:\WINDOWS\system32\tyhfepva.exe"= C:\WINDOWS\system32\tyh
"C:\WINDOWS\system32\wabbsdej.exe"= C:\WINDOWS\system32\wab
"C:\WINDOWS\system32\ycyrwjkn.exe"= C:\WINDOWS\system32\ycy
"C:\WINDOWS\system32\icwlklvp.exe"= C:\WINDOWS\system32\icw
"C:\WINDOWS\system32\osbhadml.exe"= C:\WINDOWS\system32\osb
"C:\WINDOWS\system32\htvjxdqh.exe"= C:\WINDOWS\system32\htv
"C:\WINDOWS\system32\pyiwsoma.exe"= C:\WINDOWS\system32\pyi
"C:\WINDOWS\system32\ixymdljx.exe"= C:\WINDOWS\system32\ixy
"C:\WINDOWS\system32\wvacbikw.exe"= C:\WINDOWS\system32\wva
"C:\WINDOWS\system32\ljfgdscq.exe"= C:\WINDOWS\system32\ljf
"C:\WINDOWS\system32\qaeuspms.exe"= C:\WINDOWS\system32\qae
"C:\WINDOWS\system32\ubgowaby.exe"= C:\WINDOWS\system32\ubg
"C:\WINDOWS\system32\mqpsdceu.exe"= C:\WINDOWS\system32\mqp
"C:\WINDOWS\system32\wdueiqky.exe"= C:\WINDOWS\system32\wdu
"C:\WINDOWS\system32\cdjtrhmd.exe"= C:\WINDOWS\system32\cdj
"C:\WINDOWS\system32\cfpmikhh.exe"= C:\WINDOWS\system32\cfp
"C:\WINDOWS\system32\aysmskui.exe"= C:\WINDOWS\system32\ays
"C:\WINDOWS\system32\hrwffhmc.exe"= C:\WINDOWS\system32\hrw
"C:\WINDOWS\system32\pxaensqp.exe"= C:\WINDOWS\system32\pxa
"C:\WINDOWS\system32\ycjdydad.exe"= C:\WINDOWS\system32\ycj
"C:\WINDOWS\system32\kayibnpr.exe"= C:\WINDOWS\system32\kay
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\WINDOWS\system32\vffmagei.exe"= C:\WINDOWS\system32\vff
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\WINDOWS\system32\smfnwrol.exe"= C:\WINDOWS\system32\smf
"C:\WINDOWS\system32\sruardit.exe"= C:\WINDOWS\system32\sru
"C:\WINDOWS\system32\wgtbvmcq.exe"= C:\WINDOWS\system32\wgt
"C:\WINDOWS\system32\cudkcaws.exe"= C:\WINDOWS\system32\cud
"C:\WINDOWS\system32\ydhcxmcy.exe"= C:\WINDOWS\system32\ydh
"C:\WINDOWS\system32\xourrsgl.exe"= C:\WINDOWS\system32\xou

R0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys [2004-08-09 22:34]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 GetDataMip;GetDataMip;C:\Program Files\GetData\Mount Image Pro v2\mip32.sys [2007-10-30 15:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 18:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 00:46:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\mpxzkrai.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-06-20 0:50:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 04:50:25

Pre-Run: 192,397,377,536 bytes free
Post-Run: 199,073,562,624 bytes free

1215 --- E O F --- 2007-12-22 08:01:40

There's the rest.

#6
df8665

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here's my HijackThis log... the security toolbar is still showing up though.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:21 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {A7260504-9D09-4E36-BD74-8ED3FFF888E2} - C:\DOCUME~1\Guest\LOCALS~1\Temp\jkkll.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mpxzkrai.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {d52a0167-cff8-c26b-ed64-4c2f4014811c} - {c1184104-f2c4-46de-b62c-8ffc7610a25d} - C:\WINDOWS\system32\uvmkdkob.dll (file missing)
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mpxzkrai.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...29.8/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: ljjihgh - ljjihgh.dll (file missing)
O20 - Winlogon Notify: mpxzkrai - C:\WINDOWS\SYSTEM32\mpxzkrai.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9998 bytes

#7
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

...the security toolbar is still showing up though

i suspect it will do until towards the end of this fix, i can see plenty other infections that we have to deal with first

firstly a couple of questions:

1. do you recognise this address, is it your ISP or company? UkrTeleGroup Ltd., UkrTeleGroup Ltd., Mechnikova 58/5, 65029 Odessa, Ukraine

2. do you have an antivirus program on your machine? i can't see one? if you don't, just let me know and we will install one once we have cleared some key infections.

which we will do now........



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\mpxzkrai.dll
C:\WINDOWS\system32\uvmkdkob.dll
C:\WINDOWS\system32\mpxzkrai.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B93B362-B100-4DAF-B5BF-EDE30DB5BCF3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7260504-9D09-4E36-BD74-8ED3FFF888E2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1184104-f2c4-46de-b62c-8ffc7610a25d}]
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjihgh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mpxzkrai]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

RenV::
C:\Program Files\America Online 9.0\AOL .EXE
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager .exe
C:\Program Files\BellSouth\HelpCenter\ssGet			 .exe
C:\Program Files\BellSouthWCC\McciTrayApp .exe
C:\Program Files\Common Files\AOL\1164764026\EE\aolsoftware .exe
C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\DISC\DISCover .exe
C:\Program Files\DISC\DiscUpdMgr .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exe
C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Support.com\BellSouth\hcenter .exe
C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\service   .exe
C:\WINDOWS\system32\service  .exe
C:\WINDOWS\system32\service .exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

could you also let me know the answer to the above questions.

andrewuk
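
A triage pass over the HijackThis entries this reply acts on, as an added example that is not part of the original post: it groups O17 NameServer values per interface, lists O20 Winlogon Notify DLLs with their "(file missing)" state, and flags autorun paths that have a space before the extension (the pattern in the RenV:: list). The function names are this example's own, and the sample is a trimmed excerpt of the log lines posted in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Trimmed excerpt of the HijackThis lines posted in this thread (not a full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: ljjihgh - ljjihgh.dll (file missing)
O20 - Winlogon Notify: mpxzkrai - C:\WINDOWS\SYSTEM32\mpxzkrai.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([ROF]\d{1,2}) - (.+)$")
O17_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")
O20_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*?)(\s+\(file missing\))?$")
# A drive-letter path whose file name has whitespace directly before the extension.
SPACED_EXT_RE = re.compile(
    r'([A-Za-z]:\\[^"<>|]*?\S\s+\.(?:exe|dll|com|scr))(?![A-Za-z0-9])',
    re.IGNORECASE,
)


def parse_entries(text):
    """Return (section, body) pairs for result lines such as 'O17 - ...'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def nameservers(entries):
    """Map each statically configured DNS server to the interface GUIDs using it."""
    servers = defaultdict(set)
    for section, body in entries:
        m = O17_RE.search(body) if section == "O17" else None
        if not m:
            continue
        for token in re.split(r"[,\s]+", m.group(2).strip()):
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                continue  # not an IP literal, ignore it
            servers[ip].add(m.group(1).upper())
    return dict(servers)


def winlogon_notify(entries):
    """List O20 Winlogon Notify DLLs and whether HijackThis found the file."""
    found = []
    for section, body in entries:
        m = O20_RE.match(body) if section == "O20" else None
        if m:
            found.append({"name": m.group(1), "path": m.group(2),
                          "missing": m.group(3) is not None})
    return found


def spaced_extension_paths(entries):
    """Return paths in any entry that carry whitespace before the extension."""
    hits = []
    for _section, body in entries:
        hits.extend(SPACED_EXT_RE.findall(body))
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for ip, guids in sorted(nameservers(parsed).items()):
        print(f"NameServer {ip} set on {len(guids)} interface(s)")
    for item in winlogon_notify(parsed):
        state = "file missing" if item["missing"] else "file present"
        print(f"Winlogon Notify {item['name']}: {item['path']} ({state})")
    for path in spaced_extension_paths(parsed):
        print(f"space before extension: {path}")
```
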

#8
df8665

    New Member

  • Topic Starter
  • Member
  • 6 posts
1. no i don't recognize that company at all, i'm sure it's not my isp
2. i don't think i have any antivirus programs

here's the combo fix log..
ComboFix 08-06-19.1 - HP_Administrator 2008-06-20 16:49:29.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1577 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\mpxzkrai.dll
C:\WINDOWS\system32\uvmkdkob.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mpxzkrai.dll
C:\WINDOWS\system32\mpxzkrai.dllbox
C:\WINDOWS\system32\service.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 02:34 . 2008-06-20 02:53 <DIR> d-------- C:\Hjt
2008-06-19 12:28 . 2008-06-19 12:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 02:17 . 2008-06-20 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 02:09 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-06-18 02:08 . 2008-06-18 02:09 <DIR> d-------- C:\Program Files\Syncrosoft
2008-06-18 02:08 . 2005-02-01 04:34 700,416 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-06-18 02:08 . 2004-05-11 00:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-06-18 02:08 . 2003-08-01 05:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-06-18 02:08 . 2003-05-27 00:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-06-18 02:08 . 2003-05-27 00:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-06-18 02:08 . 2002-11-25 17:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-06-18 02:08 . 2001-04-09 14:03 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys
2008-06-18 02:08 . 2002-11-25 14:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 20:49 --------- d-----w C:\Program Files\iTunes
2008-06-20 20:49 --------- d-----w C:\Program Files\HP DigitalMedia Archive
2008-06-20 20:49 --------- d-----w C:\Program Files\DISC
2008-06-20 20:49 --------- d-----w C:\Program Files\BellSouthWCC
2008-06-20 20:49 --------- d-----w C:\Program Files\America Online 9.0
2008-06-20 15:28 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-06-19 09:14 --------- d-----w C:\Program Files\QuickTime
2008-06-19 09:13 --------- d-----w C:\Program Files\music_now
2008-06-18 06:10 --------- d-----w C:\Program Files\VstPlugins
2008-06-17 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-09 19:56 167 ----a-w C:\Documents and Settings\HP_Administrator\6297.bat
2007-07-09 19:53 167 ----a-w C:\Documents and Settings\HP_Administrator\6455.bat
2007-07-09 14:24 167 ----a-w C:\Documents and Settings\HP_Administrator\4331.bat
2007-07-08 00:42 167 ----a-w C:\Documents and Settings\HP_Administrator\5767.bat
2007-07-08 00:32 167 ----a-w C:\Documents and Settings\HP_Administrator\8172.bat
2007-07-07 21:25 167 ----a-w C:\Documents and Settings\HP_Administrator\2742.bat
2007-07-06 00:33 167 ----a-w C:\Documents and Settings\HP_Administrator\4312.bat
2007-06-18 00:46 167 ----a-w C:\Documents and Settings\HP_Administrator\5382.bat
2007-06-17 19:06 167 ----a-w C:\Documents and Settings\HP_Administrator\9774.bat
2007-06-17 18:29 167 ----a-w C:\Documents and Settings\HP_Administrator\3440.bat
2007-06-17 18:02 167 ----a-w C:\Documents and Settings\HP_Administrator\1000.bat
2007-06-16 14:52 167 ----a-w C:\Documents and Settings\HP_Administrator\9223.bat
2007-06-16 04:02 167 ----a-w C:\Documents and Settings\HP_Administrator\5619.bat
2007-06-15 16:08 167 ----a-w C:\Documents and Settings\HP_Administrator\7207.bat
2007-06-15 06:48 167 ----a-w C:\Documents and Settings\HP_Administrator\9112.bat
2007-06-15 05:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9963.bat
2007-06-15 04:19 167 ----a-w C:\Documents and Settings\HP_Administrator\9566.bat
2007-06-15 01:41 167 ----a-w C:\Documents and Settings\HP_Administrator\6408.bat
2007-06-14 18:51 167 ----a-w C:\Documents and Settings\HP_Administrator\2314.bat
2007-06-13 17:43 167 ----a-w C:\Documents and Settings\HP_Administrator\3116.bat
2007-06-11 20:04 167 ----a-w C:\Documents and Settings\HP_Administrator\5853.bat
2007-06-11 19:12 167 ----a-w C:\Documents and Settings\HP_Administrator\2670.bat
2007-06-10 19:58 167 ----a-w C:\Documents and Settings\HP_Administrator\9174.bat
2007-06-10 07:44 167 ----a-w C:\Documents and Settings\HP_Administrator\3197.bat
2007-06-10 03:59 167 ----a-w C:\Documents and Settings\HP_Administrator\8785.bat
2007-02-26 17:53 67,048 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( [email protected]_ 0.50.08.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 04:45:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 20:53:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-08-06 03:56:34 64,512 ----a-w C:\WINDOWS\ehome\ehtray.exe
+ 2008-06-17 22:06:05 64,512 ----a-w C:\WINDOWS\ehome\ehtray.exe
+ 2008-06-18 00:56:35 237,568 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE
- 2004-08-10 04:00:00 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2008-01-24 20:49:10 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2004-08-10 04:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-01-24 20:49:10 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
- 2005-08-06 03:56:34 64,512 ----a-w C:\WINDOWS\system32\dllcache\ehtray.exe
+ 2008-06-17 22:06:05 64,512 ----a-w C:\WINDOWS\system32\dllcache\ehtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-24 16:49 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 22:55 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2008-06-18 21:09 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2008-06-17 18:06 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 22:15 7311360]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-06-17 20:56 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2008-06-17 20:56 1077248]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2008-06-17 20:56 90112]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 21:00 180269]
"BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2008-06-17 20:56 1896448]
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2008-06-17 20:56 1277952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-17 20:57 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 14:08:24 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-25 18:02:07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\WINDOWS\system32\akxlabtg.exe"= C:\WINDOWS\system32\akx
"C:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"C:\WINDOWS\system32\qofiplxv.exe"= C:\WINDOWS\system32\qof
"C:\WINDOWS\system32\kmhmlbln.exe"= C:\WINDOWS\system32\kmh
"C:\WINDOWS\system32\sttodput.exe"= C:\WINDOWS\system32\stt
"C:\WINDOWS\system32\gswsqpoo.exe"= C:\WINDOWS\system32\gsw
"C:\WINDOWS\system32\csiaeejv.exe"= C:\WINDOWS\system32\csi
"C:\WINDOWS\system32\tyhfepva.exe"= C:\WINDOWS\system32\tyh
"C:\WINDOWS\system32\wabbsdej.exe"= C:\WINDOWS\system32\wab
"C:\WINDOWS\system32\ycyrwjkn.exe"= C:\WINDOWS\system32\ycy
"C:\WINDOWS\system32\icwlklvp.exe"= C:\WINDOWS\system32\icw
"C:\WINDOWS\system32\osbhadml.exe"= C:\WINDOWS\system32\osb
"C:\WINDOWS\system32\htvjxdqh.exe"= C:\WINDOWS\system32\htv
"C:\WINDOWS\system32\pyiwsoma.exe"= C:\WINDOWS\system32\pyi
"C:\WINDOWS\system32\ixymdljx.exe"= C:\WINDOWS\system32\ixy
"C:\WINDOWS\system32\wvacbikw.exe"= C:\WINDOWS\system32\wva
"C:\WINDOWS\system32\ljfgdscq.exe"= C:\WINDOWS\system32\ljf
"C:\WINDOWS\system32\qaeuspms.exe"= C:\WINDOWS\system32\qae
"C:\WINDOWS\system32\ubgowaby.exe"= C:\WINDOWS\system32\ubg
"C:\WINDOWS\system32\mqpsdceu.exe"= C:\WINDOWS\system32\mqp
"C:\WINDOWS\system32\wdueiqky.exe"= C:\WINDOWS\system32\wdu
"C:\WINDOWS\system32\cdjtrhmd.exe"= C:\WINDOWS\system32\cdj
"C:\WINDOWS\system32\cfpmikhh.exe"= C:\WINDOWS\system32\cfp
"C:\WINDOWS\system32\aysmskui.exe"= C:\WINDOWS\system32\ays
"C:\WINDOWS\system32\hrwffhmc.exe"= C:\WINDOWS\system32\hrw
"C:\WINDOWS\system32\pxaensqp.exe"= C:\WINDOWS\system32\pxa
"C:\WINDOWS\system32\ycjdydad.exe"= C:\WINDOWS\system32\ycj
"C:\WINDOWS\system32\kayibnpr.exe"= C:\WINDOWS\system32\kay
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\WINDOWS\system32\vffmagei.exe"= C:\WINDOWS\system32\vff
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\WINDOWS\system32\smfnwrol.exe"= C:\WINDOWS\system32\smf
"C:\WINDOWS\system32\sruardit.exe"= C:\WINDOWS\system32\sru
"C:\WINDOWS\system32\wgtbvmcq.exe"= C:\WINDOWS\system32\wgt
"C:\WINDOWS\system32\cudkcaws.exe"= C:\WINDOWS\system32\cud
"C:\WINDOWS\system32\ydhcxmcy.exe"= C:\WINDOWS\system32\ydh
"C:\WINDOWS\system32\xourrsgl.exe"= C:\WINDOWS\system32\xou

R0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys [2004-08-09 22:34]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 GetDataMip;GetDataMip;C:\Program Files\GetData\Mount Image Pro v2\mip32.sys [2007-10-30 15:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 18:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 16:54:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Support.com\bin\jobcheck.exe
C:\Program Files\Support.com\bin\jobcheck.exe
C:\Program Files\Support.com\bin\jobcheck.exe
C:\Program Files\Support.com\bin\tgshell.exe
C:\Program Files\Support.com\bin\tgshell.exe
C:\Program Files\Support.com\bin\tgshell.exe
.
**************************************************************************
.
Completion time: 2008-06-20 17:01:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 21:01:06
ComboFix2.txt 2008-06-20 06:49:34
ComboFix3.txt 2008-06-20 06:17:52
ComboFix4.txt 2008-06-20 05:53:30
ComboFix5.txt 2008-06-20 05:40:33

Pre-Run: 200,426,868,736 bytes free
Post-Run: 200,408,666,112 bytes free

244 --- E O F --- 2008-06-20 20:38:22

#9
df8665

    New Member

  • Topic Starter
  • Member
  • 6 posts
here's my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:58 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.co...tg.1.0.0.33.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...29.8/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10057 bytes

#10
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
in this post we will remove the remaining infections i can see and install, update and run an antivirus program and then see where we stand. i suspect we will need to do a couple more posts to wrap it up after this.




====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop

O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035YYUS

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAB07CD-279A-4C52-B5E8-3FBA25EC8D36}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6343AA9-5CD0-4715-9210-0AF642D57EAD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EC93FC-8E14-45EE-A72B-EFC40D0ECD9D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D10538-B052-4819-A0D1-5E08B0F3272D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB684270-F371-4E9D-9226-97152B418883}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD908A54-F663-45A8-8B73-E007C80A4583}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 3====
Now to download an antivirus. This program is basic for the security of your computer and in today's age not having one will probably lead to disaster for your computer.

Please go to http://www.avast.com.../down_home.html and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, then double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot-time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast!, right click the small a icon in the task bar and click Start Avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Also read this tutorial http://www.schmahl.n...astbootscan.htm as it may make it easier for you to follow the steps.

Next, choose:
  • Scan all local disks
  • Scan archive files
  • Click on Schedule
  • On the next dialog, Operating system restart needed, select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. If this happens, please make sure to click the Move to Chest button, and not to delete any reported files.

On completion of the boot scan there will be a report at this location: C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt. Please post that in your next reply.



====STEP 4====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



In your next reply could I see:
1. the AswBoot.txt log
2. the 2 DSS logs (though there may only be one)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0
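The O17 entries in Step 1 of the post above record the DNS servers set per network interface. As an added example (not part of the original post or of HijackThis), this sketch parses such lines and lists every resolver that falls outside the networks you expect; the `192.168.1.0/24` allowlist and the last sample line are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three O17 lines in the format quoted in the post, plus
# one made-up line pointing at a resolver on the local network.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB1B267-7AA8-4EE3-839E-24EEB9B042AD}: NameServer = 85.255.116.18,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text):
    """Yield (control_set, interface_guid, [server, ...]) per O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # other HijackThis sections are ignored
        servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
        yield m["cs"], m["iface"].upper(), servers


def unexpected_resolvers(log_text, expected_networks):
    """Map each resolver outside expected_networks to the entries that set it."""
    allowed = [ipaddress.ip_network(n) for n in expected_networks]
    hits = defaultdict(set)
    for cs, iface, servers in parse_o17(log_text):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                hits[server].add((cs, iface))  # not an IP at all: report it too
                continue
            if not any(addr in net for net in allowed):
                hits[server].add((cs, iface))
    return {server: sorted(where) for server, where in hits.items()}


if __name__ == "__main__":
    # Assumption: the only resolver this machine should use is the home router.
    found = unexpected_resolvers(SAMPLE_LOG, ["192.168.1.0/24"])
    for server, where in found.items():
        print(server, "is set in", len(where), "interface entries")
```

The same resolver pair appearing under every interface GUID and in more than one control set, as in the log above, means the setting was applied system-wide and has to be cleared on each interface.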

#11
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.