antivirus popup
-
27-02-2008 5:27pm
Hi Actorseeksjob,
I just picked your name out of the many computer gurus on the forum so I hope you don't mind.
For one reason or another my desktop at home now has a trojan on it (the one where a message box pops up every couple of minutes telling you to download spyware and that my computer is making unwanted copies of my files and systems... I haven't tried to download its 'recommended spyware'). I just want to know the best way to get rid of it... do you have a reliable program I can download? Or instructions on how to get rid of it? Also, what software should I have for future protection?
Thanks so much!!
Ivory66.
Comments
-
Hello
- Download FixIEDef.exe by ShadowPuterDude to the Desktop.
- Double-click FixIEDef.exe.
- Click the Extract Button.
- There will be a new folder on your desktop. Locate the FixIEDef folder and double click.
- Locate FixIEDef.bat and double-click on it.
WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process.
NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
FixIEDef will now run.
- You can safely close the Command Console after Explorer has restarted.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlogic.org/consulting/proc...processutil.htm
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
-
Hi,
I have downloaded the FixIEDef file to my desktop.
This is the result of the scan!
********************************************************************************
* *
* FixIEDef Log *
* Version 1.2.10.3004 *
* *
********************************************************************************
Created at 01:20:09 on Saturday, March 01, 2008
Time Zone : (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Operating System : Microsoft Windows XP Home Edition
Service Pack Level: Service Pack 2
System Langauge : English
Processor : X86
Boot State : Normal boot
!!! Files that have been deleted !!!
No malicious files found
!!! Directories that have been removed !!!
No malicious directories to be removed
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done
ShadowPuterDude
Safe Surfing!!!
What happens next?
-
Deckard's System Scanner v20071014.68
Run by Yvonne on 2008-03-01 01:35:40
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
57: 2008-03-01 01:35:50 UTC - RP426 - Deckard's System Scanner Restore Point
56: 2008-02-29 14:03:33 UTC - RP425 - System Checkpoint
55: 2008-02-28 12:42:13 UTC - RP424 - System Checkpoint
54: 2008-02-27 12:03:48 UTC - RP423 - System Checkpoint
53: 2008-02-26 10:29:16 UTC - RP422 - System Checkpoint
-- First Restore Point --
1: 2007-12-01 14:39:05 UTC - RP370 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis Clone
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-01 01:38:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe
C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Seekmo\bin\10.0.345.0\Srv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Yvonne\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C3E1167F9EA975760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} () - http://207.226.177.98/dba1402.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
--
End of file - 18008 bytes
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
R2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - c:\windows\system32\drivers\nwlnkipx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 NwlnkNb (NWLink NetBIOS) - c:\windows\system32\drivers\nwlnknb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 NwlnkSpx (NWLink SPX/SPXII Protocol) - c:\windows\system32\drivers\nwlnkspx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel(R) 537EP V9x DFV PCI Modem>
R3 NaiFiltr - c:\windows\system32\drivers\naifiltr.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
S3 usbcm (USB Cable Modem 351000 NDIS Driver) - c:\windows\system32\drivers\usbcm.sys <Not Verified; Microsystems Corp; USBCM 351000>
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 NwSapAgent (SAP Agent) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
S2 LXCECustomerConnect - c:\windows\system32\spool\drivers\w32x86\3\\lxceserv.exe (file missing)
S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; Networks Associates Technology. Inc.; McAfee SpamKiller>
-- Device Manager: Disabled
No disabled devices found.
-- Scheduled Tasks
2008-03-01 01:39:00 476 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Chris).job
2008-03-01 01:38:00 478 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Yvonne).job
2008-03-01 01:38:00 476 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Shawn).job
2008-03-01 01:37:00 476 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Owner).job
2008-03-01 01:35:00 474 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Karl).job
2008-03-01 01:35:00 480 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Jasmine).job
2008-03-01 01:02:44 352 --a
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DJSZ9L1J-Yvonne).job
-- Files created between 2008-02-01 and 2008-03-01
2008-03-01 00:57:08 0 d
C:\Documents and Settings\Shawn\Application Data\U3
2008-02-25 19:29:10 0 d
C:\Documents and Settings\Shawn\Application Data\Seekmo
2008-02-25 19:29:06 0 d
C:\Documents and Settings\Shawn\Application Data\Google
2008-02-25 13:32:40 1329 --a
C:\Documents and Settings\Jasmine\xl10050.exe
2008-02-25 13:32:40 9728 --a
C:\Documents and Settings\Jasmine\Application Data\printer.exe
2008-02-25 13:32:40 18944 --a
C:\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll
2008-02-25 11:26:29 0 d
C:\Program Files\Disney
2008-02-22 12:59:09 18944 --a
C:\WINDOWS\system32\wowfx.dll
2008-02-22 12:59:09 9728 --a
C:\WINDOWS\system32\spoolvs.exe
2008-02-22 12:59:09 1329 --a
C:\Documents and Settings\Yvonne\xl10050.exe
2008-02-22 12:59:08 9728 --a
C:\Documents and Settings\Yvonne\Application Data\printer.exe
2008-02-12 14:05:30 0 d
C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-12 14:03:55 0 d
C:\Program Files\Dell Support Center
2008-02-12 14:03:21 0 d
C:\Program Files\Common Files\supportsoft
-- Find3M Report
2008-03-01 01:21:05 0 d
C:\Documents and Settings\Yvonne\Application Data\Skype
2008-02-29 23:50:10 0 d
C:\Documents and Settings\Yvonne\Application Data\U3
2008-02-20 10:59:41 0 d
C:\Documents and Settings\Yvonne\Application Data\Apple Computer
2008-02-12 14:03:21 0 d
C:\Program Files\Common Files
2008-02-12 13:53:49 0 d
C:\Documents and Settings\Yvonne\Application Data\Adobe
2008-01-08 00:43:05 0 d--h
C:\Program Files\CanonBJ
2008-01-07 23:53:44 0 d
C:\Program Files\Canon
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
02/08/2007 18:45 652552 --a
C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}"= C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll [02/08/2007 18:45 652552]
[-HKEY_CLASSES_ROOT\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [17/08/2004 17:29]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [17/08/2004 17:26]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [01/07/2004 14:15]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [17/08/2004 15:55]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 00:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 16:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 18:42]
"SeekmoSA"="C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe" [02/08/2007 18:48]
"SeekmoOE"="C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe" [02/08/2007 18:45]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/04/2005 14:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/04/2006 09:47]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 19:15]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [03/08/2004 17:18]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [16/06/2004 22:33]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [22/08/2004 14:31]
"links"="links.exe" []
"iTunesHelper"="C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe" [23/02/2006 14:45]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 19:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 09:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 09:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 09:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/10/2004 15:54]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 00:05]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [10/09/2002 20:26]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [16/02/2004 13:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [06/07/2005 18:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [20/10/2007 21:09]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [13/09/2007 12:31]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
C:\Documents and Settings\Yvonne\Start Menu\Programs\Startup\
findfast.exe [06/07/2005 18:43:45]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [08/04/2005 14:23:49]
autorun.exe [06/07/2005 18:50:55]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 11:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
-- Hosts
10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net
90 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-01 01:39:52
Deckard's System Scanner v20071014.68
Run by Yvonne on 2008-03-01 01:35:40
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
57: 2008-03-01 01:35:50 UTC - RP426 - Deckard's System Scanner Restore Point
56: 2008-02-29 14:03:33 UTC - RP425 - System Checkpoint
55: 2008-02-28 12:42:13 UTC - RP424 - System Checkpoint
54: 2008-02-27 12:03:48 UTC - RP423 - System Checkpoint
53: 2008-02-26 10:29:16 UTC - RP422 - System Checkpoint
-- First Restore Point --
1: 2007-12-01 14:39:05 UTC - RP370 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis Clone
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-01 01:38:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe
C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Seekmo\bin\10.0.345.0\Srv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Yvonne\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O1 - Hosts: 10.18.250.4 ad.doubleclick.net
O1 - Hosts: 10.18.250.4 ad.fastclick.net
O1 - Hosts: 10.18.250.4 ads.fastclick.net
O1 - Hosts: 10.18.250.4 ar.atwola.com
O1 - Hosts: 10.18.250.4 atdmt.com
O1 - Hosts: 10.18.250.4 avp.ch
O1 - Hosts: 10.18.250.4 avp.com
O1 - Hosts: 10.18.250.4 avp.ru
O1 - Hosts: 10.18.250.4 awaps.net
O1 - Hosts: 10.18.250.4 banner.fastclick.net
O1 - Hosts: 10.18.250.4 banners.fastclick.net
O1 - Hosts: 10.18.250.4 ca.com
O1 - Hosts: 10.18.250.4 click.atdmt.com
O1 - Hosts: 10.18.250.4 clicks.atdmt.com
O1 - Hosts: 10.18.250.4 customer.symantec.com
O1 - Hosts: 10.18.250.4 dispatch.mcafee.com
O1 - Hosts: 10.18.250.4 download.mcafee.com
O1 - Hosts: 10.18.250.4 download.microsoft.com
O1 - Hosts: 10.18.250.4 downloads-us1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads-us2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads-us3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads.microsoft.com
O1 - Hosts: 10.18.250.4 downloads1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads4.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 engine.awaps.net
O1 - Hosts: 10.18.250.4 f-secure.com
O1 - Hosts: 10.18.250.4 fastclick.net
O1 - Hosts: 10.18.250.4 ftp.avp.ch
O1 - Hosts: 10.18.250.4 ftp.downloads1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.downloads3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.f-secure.com
O1 - Hosts: 10.18.250.4 ftp.kasperskylab.ru
O1 - Hosts: 10.18.250.4 ftp.sophos.com
O1 - Hosts: 10.18.250.4 go.microsoft.com
O1 - Hosts: 10.18.250.4 ids.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 kaspersky-labs.com
O1 - Hosts: 10.18.250.4 kaspersky.com
O1 - Hosts: 10.18.250.4 liveupdate.symantec.com
O1 - Hosts: 10.18.250.4 liveupdate.symantecliveupdate.com
O1 - Hosts: 10.18.250.4 mast.mcafee.com
O1 - Hosts: 10.18.250.4 mcafee.com
O1 - Hosts: 10.18.250.4 media.fastclick.net
O1 - Hosts: 10.18.250.4 microsoft.com
O1 - Hosts: 10.18.250.4 msdn.microsoft.com
O1 - Hosts: 10.18.250.4 my-etrust.com
O1 - Hosts: 10.18.250.4 nai.com
O1 - Hosts: 10.18.250.4 networkassociates.com
O1 - Hosts: 10.18.250.4 norton.com
O1 - Hosts: 10.18.250.4 office.microsoft.com
O1 - Hosts: 10.18.250.4 pandasoftware.com
O1 - Hosts: 10.18.250.4 phx.corporate-ir.net
O1 - Hosts: 10.18.250.4 rads.mcafee.com
O1 - Hosts: 10.18.250.4 secure.nai.com
O1 - Hosts: 10.18.250.4 securityresponse.symantec.com
O1 - Hosts: 10.18.250.4 service1.symantec.com
O1 - Hosts: 10.18.250.4 sophos.com
O1 - Hosts: 10.18.250.4 spd.atdmt.com
O1 - Hosts: 10.18.250.4 support.microsoft.com
O1 - Hosts: 10.18.250.4 symantec.com
O1 - Hosts: 10.18.250.4 trendmicro.com
O1 - Hosts: 10.18.250.4 update.symantec.com
O1 - Hosts: 10.18.250.4 updates.symantec.com
O1 - Hosts: 10.18.250.4 updates1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates4.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates5.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 us.mcafee.com
O1 - Hosts: 10.18.250.4 vil.nai.com
O1 - Hosts: 10.18.250.4 viruslist.com
O1 - Hosts: 10.18.250.4 viruslist.ru
O1 - Hosts: 10.18.250.4 virusscan.jotti.org
O1 - Hosts: 10.18.250.4 virustotal.com
O1 - Hosts: 10.18.250.4 windowsupdate.microsoft.com
O1 - Hosts: 10.18.250.4 www.avp.ch
O1 - Hosts: 10.18.250.4 www.avp.com
O1 - Hosts: 10.18.250.4 www.avp.ru
O1 - Hosts: 10.18.250.4 www.awaps.net
O1 - Hosts: 10.18.250.4 www.ca.com
O1 - Hosts: 10.18.250.4 www.f-secure.com
O1 - Hosts: 10.18.250.4 www.fastclick.net
O1 - Hosts: 10.18.250.4 www.grisoft.com
O1 - Hosts: 10.18.250.4 www.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 www.kaspersky.com
O1 - Hosts: 10.18.250.4 www.kaspersky.ru
O1 - Hosts: 10.18.250.4 www.mcafee.com
O1 - Hosts: 10.18.250.4 www.microsoft.com
O1 - Hosts: 10.18.250.4 www.my-etrust.com
O1 - Hosts: 10.18.250.4 www.nai.com
O1 - Hosts: 10.18.250.4 www.networkassociates.com
O1 - Hosts: 10.18.250.4 www.pandasoftware.com
O1 - Hosts: 10.18.250.4 www.sophos.com
O1 - Hosts: 10.18.250.4 www.symantec.com
O1 - Hosts: 10.18.250.4 www.trendmicro.com
O1 - Hosts: 10.18.250.4 www.viruslist.com
O1 - Hosts: 10.18.250.4 www.viruslist.ru
O1 - Hosts: 10.18.250.4 www.virustotal.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C3E1167F9EA975760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} () - http://207.226.177.98/dba1402.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
--
End of file - 18008 bytes
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
R2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - c:\windows\system32\drivers\nwlnkipx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 NwlnkNb (NWLink NetBIOS) - c:\windows\system32\drivers\nwlnknb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 NwlnkSpx (NWLink SPX/SPXII Protocol) - c:\windows\system32\drivers\nwlnkspx.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel(R) 537EP V9x DFV PCI Modem>
R3 NaiFiltr - c:\windows\system32\drivers\naifiltr.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
S3 usbcm (USB Cable Modem 351000 NDIS Driver) - c:\windows\system32\drivers\usbcm.sys <Not Verified; Microsystems Corp; USBCM 351000>
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 NwSapAgent (SAP Agent) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
S2 LXCECustomerConnect - c:\windows\system32\spool\drivers\w32x86\3\\lxceserv.exe (file missing)
S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; Networks Associates Technology. Inc.; McAfee SpamKiller>
-- Device Manager: Disabled
No disabled devices found.
-- Scheduled Tasks
2008-03-01 01:39:00 476 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Chris).job
2008-03-01 01:38:00 478 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Yvonne).job
2008-03-01 01:38:00 476 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Shawn).job
2008-03-01 01:37:00 476 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Owner).job
2008-03-01 01:35:00 474 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Karl).job
2008-03-01 01:35:00 480 --a
C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Jasmine).job
2008-03-01 01:02:44 352 --a
C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DJSZ9L1J-Yvonne).job
-- Files created between 2008-02-01 and 2008-03-01
2008-03-01 00:57:08 0 d
C:\Documents and Settings\Shawn\Application Data\U3
2008-02-25 19:29:10 0 d
C:\Documents and Settings\Shawn\Application Data\Seekmo
2008-02-25 19:29:06 0 d
C:\Documents and Settings\Shawn\Application Data\Google
2008-02-25 13:32:40 1329 --a
C:\Documents and Settings\Jasmine\xl10050.exe
2008-02-25 13:32:40 9728 --a
C:\Documents and Settings\Jasmine\Application Data\printer.exe
2008-02-25 13:32:40 18944 --a
C:\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll
2008-02-25 11:26:29 0 d
C:\Program Files\Disney
2008-02-22 12:59:09 18944 --a
C:\WINDOWS\system32\wowfx.dll
2008-02-22 12:59:09 9728 --a
C:\WINDOWS\system32\spoolvs.exe
2008-02-22 12:59:09 1329 --a
C:\Documents and Settings\Yvonne\xl10050.exe
2008-02-22 12:59:08 9728 --a
C:\Documents and Settings\Yvonne\Application Data\printer.exe
2008-02-12 14:05:30 0 d
C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-12 14:03:55 0 d
C:\Program Files\Dell Support Center
2008-02-12 14:03:21 0 d
C:\Program Files\Common Files\supportsoft
-- Find3M Report
2008-03-01 01:21:05 0 d
C:\Documents and Settings\Yvonne\Application Data\Skype
2008-02-29 23:50:10 0 d
C:\Documents and Settings\Yvonne\Application Data\U3
2008-02-20 10:59:41 0 d
C:\Documents and Settings\Yvonne\Application Data\Apple Computer
2008-02-12 14:03:21 0 d
C:\Program Files\Common Files
2008-02-12 13:53:49 0 d
C:\Documents and Settings\Yvonne\Application Data\Adobe
2008-01-08 00:43:05 0 d--h
C:\Program Files\CanonBJ
2008-01-07 23:53:44 0 d
C:\Program Files\Canon
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
02/08/2007 18:45 652552 --a
C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}"= C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll [02/08/2007 18:45 652552]
[-HKEY_CLASSES_ROOT\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [17/08/2004 17:29]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [17/08/2004 17:26]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [01/07/2004 14:15]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [17/08/2004 15:55]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 00:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 16:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 18:42]
"SeekmoSA"="C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe" [02/08/2007 18:48]
"SeekmoOE"="C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe" [02/08/2007 18:45]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/04/2005 14:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/04/2006 09:47]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 19:15]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [03/08/2004 17:18]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [16/06/2004 22:33]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [22/08/2004 14:31]
"links"="links.exe" []
"iTunesHelper"="C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe" [23/02/2006 14:45]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 19:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 09:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 09:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 09:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/10/2004 15:54]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 00:05]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [10/09/2002 20:26]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [16/02/2004 13:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [06/07/2005 18:43]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [20/10/2007 21:09]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [13/09/2007 12:31]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
C:\Documents and Settings\Yvonne\Start Menu\Programs\Startup\
findfast.exe [06/07/2005 18:43:45]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [08/04/2005 14:23:49]
autorun.exe [06/07/2005 18:50:55]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 11:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
-- Hosts
10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net
90 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-01 01:39:52
Deckard's System Scanner v20071014.68
Run by Yvonne on 2008-03-01 01:35:40
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
57: 2008-03-01 01:35:50 UTC - RP426 - Deckard's System Scanner Restore Point
56: 2008-02-29 14:03:33 UTC - RP425 - System Checkpoint
55: 2008-02-28 12:42:13 UTC - RP424 - System Checkpoint
54: 2008-02-27 12:03:48 UTC - RP423 - System Checkpoint
53: 2008-02-26 10:29:16 UTC - RP422 - System Checkpoint
-- First Restore Point --
1: 2007-12-01 14:39:05 UTC - RP370 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis Clone
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-01 01:38:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe
C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Seekmo\bin\10.0.345.0\Srv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Yvonne\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
-
Go and run DSS
-
See DSS log above your reply.
-
Hello
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Please download SmitfraudFix (by S!Ri) to your Desktop.
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
Seekmo
You have two firewalls, so you need to disable Windows firewall
1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.
Reboot and post a new DSS log
-
Thanks for the mail.
I followed your instructions until I got to "select option 2 and pressed enter". A pop-up with this instruction came up:
"proecss.exe - bad image - The application or dir c:\windows/system32/wowfx.dll is not a valid windows image. Please check this against your installation diskette."
I tried to close it but it won't let me and the computer did not do anything after that.
Similar pop-ups appear when I start my Windows applications, mostly with the .exe files.
Pls advise.
-
Ah ok, got a nasty infection
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
-
Hi,
I left my computer running for two days straight and it just seemed to stall. It showed some activity but just stopped. It was only when the pop-up showed and I clicked that it seemed to move on. Advise.
-
Can you run ComboFix.exe in my previous post?
-
Hi,
I was able to download and run the file from your previous post.
-
Can you post the log? It should be at C:\ComboFix
-
Hi,
I cannot find a log under C:\ComboFix. The program was stalling a lot and the screen was blank most of the time. There are some files under C:\ComboFix; however, I cannot open them (dat, exe files).
When I started running it, it appeared to be deleting some files and I can't find that either. Should I try it again?
-
Don't go near those dat and exe files, they are malware
Do this
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
-
Hi,
Here is the result of the scan. I received only the main.txt.
Deckard's System Scanner v20071014.68
Run by Yvonne on 2008-03-15 20:31:08
Computer is in Normal Mode.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Yvonne.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33, on 2008-03-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Yvonne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Yvonne.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C3E1167F9EA975760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11231 bytes
-- Files created between 2008-02-15 and 2008-03-15
2008-03-15 20:32:45 0 d C:\Program Files\Trend Micro
2008-03-08 14:14:20 388608 --a C:\WINDOWS\system32\CF30894.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-07 20:44:29 68096 --a C:\WINDOWS\system32\zip.exe
2008-03-07 20:44:29 98816 --a C:\WINDOWS\system32\sed.exe
2008-03-07 20:44:29 80412 --a C:\WINDOWS\system32\grep.exe
2008-03-07 20:44:29 73728 --a C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-07 20:38:37 388608 --a C:\WINDOWS\system32\CF20651.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-07 17:08:37 388608 --a C:\WINDOWS\system32\CF12272.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-07 01:03:57 53248 --a C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-06 23:19:14 0 d C:\ComboFix[1]
2008-03-06 23:18:24 388608 --a C:\WINDOWS\system32\CF31956.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-02 19:43:55 25600 --a C:\WINDOWS\system32\WS2Fix.exe
2008-03-02 19:43:55 289144 --a C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-02 19:43:55 86016 --a C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-02 19:43:55 288417 --a C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-02 19:43:55 53248 --a C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-02 19:43:55 82432 --a C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-02 19:43:55 51200 --a C:\WINDOWS\system32\dumphive.exe
2008-03-02 19:37:22 0 d C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-02 19:37:22 0 d C:\Documents and Settings\Administrator\Application Data\Sonic
2008-03-02 19:37:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-02 19:37:22 0 d C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-02 19:37:22 0 d C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-02 19:37:21 0 d--h C:\Documents and Settings\Administrator\Templates
2008-03-02 19:37:21 0 dr C:\Documents and Settings\Administrator\Start Menu
2008-03-02 19:37:21 0 dr-h C:\Documents and Settings\Administrator\SendTo
2008-03-02 19:37:21 0 dr-h C:\Documents and Settings\Administrator\Recent
2008-03-02 19:37:21 0 d--h C:\Documents and Settings\Administrator\PrintHood
2008-03-02 19:37:21 0 d--h C:\Documents and Settings\Administrator\NetHood
2008-03-02 19:37:21 0 dr C:\Documents and Settings\Administrator\My Documents
2008-03-02 19:37:21 0 d--h C:\Documents and Settings\Administrator\Local Settings
2008-03-02 19:37:21 0 dr C:\Documents and Settings\Administrator\Favorites
2008-03-02 19:37:21 0 d C:\Documents and Settings\Administrator\Desktop
2008-03-02 19:37:21 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-02 19:37:21 0 dr-h C:\Documents and Settings\Administrator\Application Data
2008-03-02 19:37:21 0 d C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-03-02 19:37:20 786432 --ah C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-01 00:57:08 0 d C:\Documents and Settings\Shawn\Application Data\U3
2008-02-25 19:29:10 0 d C:\Documents and Settings\Shawn\Application Data\Seekmo
2008-02-25 19:29:06 0 d C:\Documents and Settings\Shawn\Application Data\Google
2008-02-25 13:32:40 1329 --a C:\Documents and Settings\Jasmine\xl10050.exe
2008-02-25 13:32:40 18944 --a C:\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll
2008-02-25 11:26:29 0 d C:\Program Files\Disney
2008-02-22 12:59:09 18944 --a C:\WINDOWS\system32\wowfx.dll
2008-02-22 12:59:09 1329 --a C:\Documents and Settings\Yvonne\xl10050.exe
-- Find3M Report
2008-03-15 19:53:05 0 d C:\Documents and Settings\Yvonne\Application Data\Skype
2008-03-06 22:37:38 0 d C:\Documents and Settings\Yvonne\Application Data\U3
2008-02-20 10:59:41 0 d C:\Documents and Settings\Yvonne\Application Data\Apple Computer
2008-02-12 14:04:42 0 d C:\Program Files\Dell Support Center
2008-02-12 14:03:55 0 d C:\Program Files\Common Files\supportsoft
2008-02-12 14:03:21 0 d C:\Program Files\Common Files
2008-02-12 13:53:49 0 d C:\Documents and Settings\Yvonne\Application Data\Adobe
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}"= C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 17:29]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 17:26]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 14:15]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 15:55]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 18:42]
"SeekmoOE"="C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-04-08 14:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-23 09:47]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2004-08-03 17:18]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 22:33]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 14:31]
"links"="links.exe" []
"iTunesHelper"="C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe" [2006-02-23 14:45]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 13:04]
"SeekmoSA"="C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 21:09]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-04-08 14:23:49]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 11:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a33255e9-c7aa-11dc-b037-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-03-15 20:33:26
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11231 bytes
-- Files created between 2008-02-15 and 2008-03-15
2008-03-15 20:32:45 0 d
C:\Program Files\Trend Micro
2008-03-08 14:14:20 388608 --a
C:\WINDOWS\system32\CF30894.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-07 20:44:29 68096 --a
C:\WINDOWS\system32\zip.exe
2008-03-07 20:44:29 98816 --a
C:\WINDOWS\system32\sed.exe
2008-03-07 20:44:29 80412 --a
C:\WINDOWS\system32\grep.exe
2008-03-07 20:44:29 73728 --a
C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-07 20:38:37 388608 --a
C:\WINDOWS\system32\CF20651.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-07 17:08:37 388608 --a
C:\WINDOWS\system32\CF12272.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-07 01:03:57 53248 --a
C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-06 23:19:14 0 d
C:\ComboFix[1]
2008-03-06 23:18:24 388608 --a
C:\WINDOWS\system32\CF31956.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-02 19:43:55 25600 --a
C:\WINDOWS\system32\WS2Fix.exe
2008-03-02 19:43:55 289144 --a
C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-02 19:43:55 86016 --a
C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-02 19:43:55 288417 --a
C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-02 19:43:55 53248 --a
C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-02 19:43:55 82432 --a
C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-02 19:43:55 51200 --a
C:\WINDOWS\system32\dumphive.exe
2008-03-02 19:37:22 0 d
C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-02 19:37:22 0 d
C:\Documents and Settings\Administrator\Application Data\Sonic
2008-03-02 19:37:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-02 19:37:22 0 d
C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-02 19:37:22 0 d
C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-02 19:37:21 0 d--h
C:\Documents and Settings\Administrator\Templates
2008-03-02 19:37:21 0 dr
C:\Documents and Settings\Administrator\Start Menu
2008-03-02 19:37:21 0 dr-h
C:\Documents and Settings\Administrator\SendTo
2008-03-02 19:37:21 0 dr-h
C:\Documents and Settings\Administrator\Recent
2008-03-02 19:37:21 0 d--h
C:\Documents and Settings\Administrator\PrintHood
2008-03-02 19:37:21 0 d--h
C:\Documents and Settings\Administrator\NetHood
2008-03-02 19:37:21 0 dr
C:\Documents and Settings\Administrator\My Documents
2008-03-02 19:37:21 0 d--h
C:\Documents and Settings\Administrator\Local Settings
2008-03-02 19:37:21 0 dr
C:\Documents and Settings\Administrator\Favorites
2008-03-02 19:37:21 0 d
C:\Documents and Settings\Administrator\Desktop
2008-03-02 19:37:21 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-02 19:37:21 0 dr-h
C:\Documents and Settings\Administrator\Application Data
2008-03-02 19:37:21 0 d
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-03-02 19:37:20 786432 --ah
C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-01 00:57:08 0 d
C:\Documents and Settings\Shawn\Application Data\U3
2008-02-25 19:29:10 0 d
C:\Documents and Settings\Shawn\Application Data\Seekmo
2008-02-25 19:29:06 0 d
C:\Documents and Settings\Shawn\Application Data\Google
2008-02-25 13:32:40 1329 --a
C:\Documents and Settings\Jasmine\xl10050.exe
2008-02-25 13:32:40 18944 --a
C:\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll
2008-02-25 11:26:29 0 d
C:\Program Files\Disney
2008-02-22 12:59:09 18944 --a
C:\WINDOWS\system32\wowfx.dll
2008-02-22 12:59:09 1329 --a
C:\Documents and Settings\Yvonne\xl10050.exe
-- Find3M Report
2008-03-15 19:53:05 0 d
C:\Documents and Settings\Yvonne\Application Data\Skype
2008-03-06 22:37:38 0 d
C:\Documents and Settings\Yvonne\Application Data\U3
2008-02-20 10:59:41 0 d
C:\Documents and Settings\Yvonne\Application Data\Apple Computer
2008-02-12 14:04:42 0 d
C:\Program Files\Dell Support Center
2008-02-12 14:03:55 0 d
C:\Program Files\Common Files\supportsoft
2008-02-12 14:03:21 0 d
C:\Program Files\Common Files
2008-02-12 13:53:49 0 d
C:\Documents and Settings\Yvonne\Application Data\Adobe
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}"= C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 17:29]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 17:26]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 14:15]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 15:55]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 18:42]
"SeekmoOE"="C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-04-08 14:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-23 09:47]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2004-08-03 17:18]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 22:33]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 14:31]
"links"="links.exe" []
"iTunesHelper"="C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe" [2006-02-23 14:45]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 13:04]
"SeekmoSA"="C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 21:09]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-04-08 14:23:49]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 11:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a33255e9-c7aa-11dc-b037-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-03-15 20:33:26
0 -
Hello
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Please download SmitfraudFix (by S!Ri) to your Desktop.
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
Seekmo
1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Seekmo /fleok=1D8A83A5C3E1167F9EA975760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll (file missing)
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please download the OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\CF30894.exe
C:\WINDOWS\system32\CF20651.exe
C:\WINDOWS\system32\CF12272.exe
C:\WINDOWS\system32\CF31956.exe
C:\Documents and Settings\Jasmine\xl10050.exe
C:\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll
C:\WINDOWS\system32\wowfx.dll
C:\Documents and Settings\Yvonne\xl10050.exe
C:\WINDOWS\shell.exe
C:\Program Files\Seekmo
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
purity
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a33255e9-c7aa-11dc-b037-00038a000015}]
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Reboot and post a new DSS Log
0 -
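Added example, not part of the original post or of any tool named in this thread: a small Python triage pass over HijackThis lines copied from the thread, showing how several of the entries selected in the post above stand out on structural grounds alone. The rule names, the short allow-list of Windows process names and the heuristics themselves are assumptions made for illustration.

```python
import ipaddress
import ntpath
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "rule detail line")

# Illustrative allow-list of core Windows process names (an assumption).
SYSTEM_NAMES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "explorer.exe", "csrss.exe", "smss.exe",
                "ctfmon.exe"}

# Lines copied from the HijackThis log and fix list posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def exe_from_command(cmd):
    """Return the program part of a Run value, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def check_line(line):
    """Return one Finding for a HijackThis line, or None if no rule fires."""
    line = line.strip()
    m = re.match(r"([A-Z]\d+) - (.*)$", line)
    if not m:
        return None
    code, body = m.groups()
    if code == "F2":
        shell = re.search(r"Shell=(.*)$", body)
        if shell and shell.group(1).strip().lower() != "explorer.exe":
            return Finding("shell-extra", shell.group(1), line)
    elif code in ("O2", "O3"):
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            return Finding("orphaned-entry", "registered file is absent", line)
    elif code == "O4":
        run = re.search(r"Run: \[([^\]]*)\] (.*)$", body)
        if run:
            exe = exe_from_command(run.group(2))
            base = ntpath.basename(exe).lower()
            if not ntpath.dirname(exe):
                return Finding("run-no-path", exe, line)
            if base not in SYSTEM_NAMES:
                for known in sorted(SYSTEM_NAMES):
                    if osa_distance(base, known) <= 1:
                        return Finding("run-lookalike", f"{base} ~ {known}", line)
    elif code == "O7" and "DisableRegedit=1" in body:
        return Finding("regedit-disabled", "registry editing blocked by policy", line)
    elif code == "O16":
        url = re.search(r"(https?://\S+)\s*$", body)
        if url:
            host = urlsplit(url.group(1)).hostname or ""
            try:
                ipaddress.ip_address(host)
                return Finding("dpf-raw-ip", host, line)
            except ValueError:
                pass  # ordinary DNS name
    elif code == "O20":
        dll = body.partition("AppInit_DLLs:")[2].strip()
        if dll:
            return Finding("appinit-dll", dll, line)
    return None


def triage(log_text):
    """Run every rule over a pasted log and keep the lines that fired."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:18} {f.detail}")
```

The `[Printer]` entry passes every rule here although it is on the fix list above, so structural checks like these only narrow a log down and do not replace a file reputation lookup or a reviewer's judgement.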
Hi,
Sorry for the long absence - went away for a break.
I followed your instructions, however when I started running smitfraudfix in safe mode, I could only get up to typing 2 and pressing enter. It then shows killing process...... and a pop-up - "procese.exe" appears with the following message - "The application or Dll c;\window\system32\wowfx.dll is not a valid window image. Please check this against your installation diskette". When I click ok it just stays there and the whole thing just stalls from there. Done this twice now but still the same problem. Please advise.
0 -
Forgot to add what I obtained from c:\rapport.txt
SmitFraudFix v2.299
Scan done at 19:59:00.40, 2008-03-29
Run from C:\Documents and Settings\Yvonne\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
0 -
Hello
Delete ComboFix.exe and the folders C:\qoobox and C:\ComboFix
Then do this
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
0 -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:08, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C3E1167F9EA975760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11001 bytes
Here is the log for combofix:
ComboFix 08-03-30.2 - Yvonne 2008-03-30 21:16:23.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191 [GMT 1:00]
Running from: C:\Documents and Settings\Yvonne\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38186
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38333
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38399
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38581
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\386385
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\386789
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\388251
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38868
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\389560
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38980
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39542
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\398397
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3986
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39897
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\400701
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\401332
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\40256
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\40726
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\40999
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41115
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41215
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41364
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4142
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4157
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41584
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41720
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41940
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42208
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\422734
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\427075
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\427148
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42861
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42915
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42916
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43118
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43120
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43142
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\432053
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43377
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43719
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43803
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43907
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43979
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44100
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44279
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44293
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44300
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44306
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44458
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44462
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44583
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44706
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44750
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44769
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44878
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44957
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44960
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44961
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44976
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4500
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\453218
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45437
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\454667
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45827
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45833
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45837
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\459052
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\459338
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\460458
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\461563
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\46159
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\462847
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\46707
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4692
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4721
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\47370
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\47371
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\47468
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4763
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\477253
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\481176
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\489917
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49432
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49527
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49587
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4967
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4974
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49821
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\50037
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\50618
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\506799
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\507892
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\50830
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\50887
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\509213
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51194
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51233
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51374
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51495
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\516030
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51666
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\519208
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51931
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52219
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52253
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5246
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\526389
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\527755
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52968
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52972
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52974
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52977
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53077
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\531510
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\532492
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53310
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53481
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\534852
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5358
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\538263
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53842
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\539163
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53923
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5393
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\540152
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\541324
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54189
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54469
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54473
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5464
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\547723
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\549635
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\55004
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\551747
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5535
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\555618
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\55725
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\55865
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\56100
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\561900
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\56412
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\568061
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\56815
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\572769
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5749
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\578150
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\578458
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\57904
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\57918
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5812
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58427
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\586413
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58804
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58917
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\590396
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\591628
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5920
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59234
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59344
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\595216
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59598
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59844
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59905
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59913
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6002
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\60325
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\603779
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\60421
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\604347
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\60495
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6066
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\60709
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\60785
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\609764
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61113
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\611216
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61269
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\615307
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61627
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\616704
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61779
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61795
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\618190
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61837
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61853
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\618565
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\62229
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\622354
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6249
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\625325
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6280
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\628146
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\628262
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6292
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6302
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\63264
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6340
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6342
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\63610
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\636407
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6368
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\63806
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\63882
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64209
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6428
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64404
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64429
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64434
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64446
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64467
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64482
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64495
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64517
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64564
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64605
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64646
C:\Documents and Settings\Jasmine\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64690 -
Advertisement
-
Hello
1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):
O2 - BHO: Seekmo /fleok=1D8A83A5C3E1167F9EA975760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [links] links.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
1. Close any open browsers.
2. Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\wowfx.dll
C:\Documents and Settings\Jasmine\xl10050.exe
C:\Documents and Settings\Yvonne\xl10050.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Reboot and post a new HijackThis log
-
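The entry selection in the post above, written as a triage script over HijackThis log lines. This is an added example, not part of the thread and not how HijackThis or the helper decides; the three rules (target file missing, Run value without a full path, any AppInit_DLLs value) are assumptions chosen because they cover the four listed entries, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass, field

# Entries copied from the logs in this thread: the four the helper listed,
# then four from the follow-up log for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Seekmo /fleok=1D8A83A5C3E1167F9EA975760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [links] links.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe (file missing)
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [links] links.exe".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostart: "<hive>\..\Run: [value name] <command line>".
RUN_VALUE = re.compile(r"^\S+\\\.\.\\Run\w*: \[[^\]]*\] (.+)$")
# Command line that starts with a drive-letter or UNC path (optionally quoted).
ABSOLUTE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')
# Markers HijackThis appends when the registered file is not on disk.
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Finding:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def reasons_for(code, body):
    """Return the review reasons for one entry (empty list = nothing flagged)."""
    reasons = []
    if MISSING.search(body):
        # Often a leftover of an uninstalled program; still a dangling hook.
        reasons.append("registration points at a file that is not on disk")
    if code == "O4":
        m = RUN_VALUE.match(body)
        if m and not ABSOLUTE.match(m.group(1)):
            reasons.append("Run value names a program without a full path")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            reasons.append("AppInit_DLLs is set, so the DLL is injected widely")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return the entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, the running-process list, blank lines
        code, body = m.groups()
        reasons = reasons_for(code, body)
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{'; '.join(f.reasons)}\n    {f.body}")
```

The O23 Lexmark service is flagged by the missing-file rule although the helper did not list it, which shows the output is a review list and not a verdict.
-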
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:37, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LXCECustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 10623 bytes
-
Can you post the ComboFix log as well?
-
ComboFix 08-03-30.2 - Yvonne 2008-04-03 16:40:52.4 - NTFSx86
Running from: C:\Documents and Settings\Yvonne\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Yvonne\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Jasmine\xl10050.exe
C:\Documents and Settings\Yvonne\xl10050.exe
C:\WINDOWS\system32\wowfx.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jasmine\xl10050.exe
C:\Documents and Settings\Yvonne\xl10050.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.
2008-03-29 19:06 . 2008-03-30 19:26 54,156 --ah C:\WINDOWS\QTFont.qfn
2008-03-29 19:06 . 2008-03-29 19:06 1,409 --a C:\WINDOWS\QTFont.for
2008-03-15 21:32 . 2008-03-15 21:32 <DIR> d C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 15:45 d-----w C:\Documents and Settings\Yvonne\Application Data\Skype
2008-04-03 14:56 d-----w C:\Documents and Settings\Yvonne\Application Data\U3
2008-04-02 09:14 d-----w C:\Documents and Settings\Yvonne\Application Data\CyberLink
2008-03-06 13:13 d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-01 23:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-01 01:02 d-----w C:\Documents and Settings\Shawn\Application Data\U3
2008-02-29 23:48 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-25 11:26 d-----w C:\Program Files\Disney
2008-02-20 10:59 d-----w C:\Documents and Settings\Yvonne\Application Data\Apple Computer
2008-02-12 15:09 d-----w C:\Documents and Settings\Jasmine\Application Data\McAfee.com Personal Firewall
2008-02-12 14:05 d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-12 14:04 d-----w C:\Program Files\Dell Support Center
2008-02-12 14:03 d-----w C:\Program Files\Common Files\supportsoft
2005-07-01 22:47 18,944 ----a-w C:\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll
.
Sigcheck
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 05:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 05:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 22:09 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 18:29 184320]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-04-08 15:24 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-23 10:47 155648]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2004-08-03 18:18 1083392]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 23:33 98304]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31 1327104]
"iTunesHelper"="C:\Documents and Settings\Chris\Desktop\iTunesHelper.exe" [2006-02-23 15:45 278528]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54 57344]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 14:04 147456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-07-29 19:22:15 81920]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-04-08 15:23:49 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Chris\\Desktop\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\system32\\winav.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S2 LXCECustomerConnect;LXCECustomerConnect;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a33255e9-c7aa-11dc-b037-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 14:49:12 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DJSZ9L1J-Yvonne).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-04-03 15:43:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Chris).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-04-03 15:45:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Jasmine).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-04-03 15:45:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Karl).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-04-03 15:42:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-04-03 15:43:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Shawn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-04-03 15:45:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJSZ9L1J-Yvonne).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.YvonnePMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 16:44:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-03 16:48:47
ComboFix-quarantined-files.txt 2008-04-03 15:48:34
ComboFix2.txt 2008-03-30 21:03:48
Pre-Run: 55,138,623,488 bytes free
Post-Run: 55,127,691,264 bytes free
.
2008-02-13 18:34:29 --- E O F ---
-
Nearly done
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Reboot and tell me how your PC is running.
-
Malwarebytes' Anti-Malware 1.11
Database version: 606
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 115504
Time elapsed: 45 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 88
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 126
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b0eceac-f597-4858-a542-d966b49055b9} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{031cbf6a-c70e-4177-a0d4-c5268ee311fb} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmgr180.wmdrmax (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmgr180.wmdrmax.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\Documents and Settings\Jasmine\Application Data\nvsvc1024.dll.vir (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-40.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-41.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-42.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-43.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-44.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-45.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-46.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-47.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-48.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-49.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-5.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-50.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-51.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-52.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-53.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-54.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-55.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-56.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-57.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-58.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-59.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-6.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-60.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-61.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-62.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-63.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-64.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-65.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-66.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-67.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-68.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-69.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-7.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-70.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-71.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-72.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-73.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-74.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-75.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-76.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-77.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-78.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-79.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-8.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-80.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-81.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-82.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-83.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-84.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-85.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-86.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-87.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-88.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-89.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-9.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-90.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-91.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-92.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-93.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-94.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-95.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-96.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-97.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-98.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\snapshot\MFEX-99.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP432\A0432013.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP432\A0432033.exe (Trojan.Renos) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0455187.dll (Trojan.Qhost) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Dell Media Experience.lnk (Dialer) -> Quarantined and deleted successfully.0 -
Your logs are clean! We need to do a few things.
Follow these steps to uninstall Combofix and tools used in the removal of malware
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- Make sure you have an Internet Connection.
- Double-click OTMoveIt2.exe to run it.
- Click on the CleanUp! button
- A list of tool components used in the Cleanup of malware will be downloaded.
- If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here
You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.
* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.0 -
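The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread: a small Python audit that separates loopback "block" entries from entries that point a hostname at some other address, which are worth a manual look. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the thread).
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net tracker.example.net   # blocklist-style entry
0.0.0.0         banners.example.org
203.0.113.7     update.example.com    # name pointed at a remote address
not-an-ip       broken.example.com
"""

# Names that normally map to loopback on a clean system.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()
        for name in names:                    # one line may carry several names
            yield line_no, address, name.lower()


def classify(address, name):
    """Return 'standard', 'blocked', 'review' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if name in LOCAL_NAMES and ip.is_loopback:
        return "standard"                     # ordinary localhost entry
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"                      # name sinkholed to the local machine
    return "review"                           # name resolved to some other host


def audit_hosts(text):
    """Group every mapping in the file by classification."""
    report = {"standard": [], "blocked": [], "review": [], "malformed": []}
    for line_no, address, name in parse_hosts(text):
        report[classify(address, name)].append((line_no, address, name))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for line_no, address, name in entries:
            print(f"{kind:9} line {line_no}: {name} -> {address}")
```

A long "blocked" list is expected after installing a blocklist HOSTS file; "review" entries are the ones to check by hand, since they send a name to an address other than the local machine.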
Hi,
Thank you for being so patient and helping me through it all. Sorry for not getting back to you. Moving to new house/county.
Tried to type combofix /u but comp. won't let me. Says to check spellings. Pls advise.0 -
Go on with the other steps and do this
Delete ComboFix.exe and the folders C:\ComboFix and C:\qoobox
And
Now we need to create a new System Restore point.
Click Start Menu > Run > type (or copy and paste)
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.
Next go to Start Menu > Run > type
cleanmgr
Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.
To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.0 -
Hi,
I just want to say a big thank you for everything. I have not finished the steps yet cos my head is flying all over the place with packing stuff and moving house - got a week left. I'll talk to you when I'm settled; hopefully there won't be any problems.
God bless.0