btw

Help with NMBg Monitor and Registry Helper

7 posts in this topic

Hello,

I am helping someone with a badly infected computer. Just looking at the StartUp applications using msconfig I found NMBg Monitor and Registry Helper running on the computer.

Here is the log from Malwarebytes' Anti-Malware.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3954

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-04-04 21:25:29
mbam-log-2010-04-04 (21-25-29).txt

Scan type: Full scan (C:\|D:\|E:\|K:\|)
Objects scanned: 245569
Time elapsed: 1 hour(s), 52 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 116
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 440

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)


Registry Keys Infected:


 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:


 

Files Infected:


C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-591943.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-592579.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-598579.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-603763.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9595.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9696.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511745-514279.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-bcards.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-ecards.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-emoticons.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-estationery.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-funny.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-help.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-images.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-info.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-more.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-my.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new2.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-options.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-people.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-photo.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-tell.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-temp.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-text.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-voice.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def.cdf (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-premium-email-premium.mnu (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-t1-bg.res (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-temp-bg.res (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\estatationery.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\flashpatch.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\flashpreview.htm (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\fs3.htm (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\hotbar_promo.htm (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_checked_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_pressed_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_preview.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_send.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_flash_preview.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_recently_used.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_pressed_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_sand-clock2.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_pressed_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tree_null.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout2.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout4.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_corner_left.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_local_logo.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_basetemplate.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbgroups.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobject3.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobjectset3.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hotbarwrapper.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_texts3.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_xmltree3nf.js (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\layout.cdf (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\linkpathlegal.txt (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\n.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_bb_2.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_b_2.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_ff_2.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_f_2.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\progress.res (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\sales_buttons.res (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\searchbtn.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\seekmo_btn.res (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\submit.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bg.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bga.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bgia.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_l.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_la.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_lia.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_r.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ra.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ria.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_animations.xml (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_backgrounds.xml (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_ecards.xml (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_emoticons.xml (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_notifiers.xml (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_text.xml (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tree_dots.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tree_minus.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tree_plus.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\business_promo.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\buttondir.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\code.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\cursors.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\email-def.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\email-t1-bg.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\email-temp-bg.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\hotbar_promo.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\images.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\layout.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\linkpathlegal.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\localcontent.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\progress.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\sales_buttons.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\seekmo_btn.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\treexml.xip (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte10_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte11_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte12_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte13_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte14_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte19_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte20_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte21_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte9_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030203lib_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\033102angel_1_prv.gif (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\033102bigluf_1_prv.gif (Trojan.Agent) -> No action taken.

C:\Docu


Hi,

I'm nasdaq and will be helping you.

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Please run Malwarebytes and make sure that everything is checked, and click Remove Selected.

 

Close the tool.

===

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

Delete this folder in bold if found.

C:\Program Files\ShoppingReport\

 

Restart the computer normally.

===

 

Please run this security check for my review.

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

 

Submit a fresh HijackThis log.

 

Let me know what issues remain.


Thank you nasdaq. I am running through your instructions with my in-law by phone and will reply shortly with status update.

 

btw


Thanks again for your help with this Nasdaq.

 

Malwarebytes was run and everything was removed.

 

The following was removed using HijackThis

O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot

 

These items were not found by HijackThis

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

 

The folder C:\Program Files\ShoppingReport\ was not found.

 

If you are wondering, this computer was running without a firewall or antivirus for around two years. The applications identified by Security Check were installed post infection.

 

Here is the log from Security Check

 

Results of screen317's Security Check version 0.99.3

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

McAfee Security Scan Plus

ZoneAlarm Security Suite

ZoneAlarm Toolbar

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 17

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 9.3 - Français

````````````````````````````````

Process Check:

objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe

````````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

 

``````````End of Log````````````

 

 

Here is a new log from HijackThis.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:36:10, on 2010-04-15

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\eemdissrv.exe

C:\WINDOWS\system32\eelogsvc.exe

C:\WINDOWS\system32\eelssrv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Fichiers communs\Entrust\ESP\eesystry.exe

C:\Program Files\Fichiers communs\Entrust\ESP\eecwatch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\eelssrv.exe

C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\HP_Administrateur\Bureau\SecurityCheck.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\HP_Administrateur\Bureau\SecurityCheck.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\ehome\ehshell.exe

C:\WINDOWS\ehome\ehExtHost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

C:\Program Files\Logitech\Video\VideoEffectsWatcher.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=64&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=64&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=64&bd=PAVILION&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=64&bd=PAVILION&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: MapQuest Toolbar Search Class - {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll

O1 - Hosts: HP7917EF

O1 - Hosts: HP7917EF HP0017A47917EF

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: MapQuest Toolbar Loader - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MapQuest Toolbar - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll

O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [eelstray] C:\Program Files\Fichiers communs\Entrust\ESP\eesystry.exe

O4 - HKLM\..\Run: [espwatchdog] C:\Program Files\Fichiers communs\Entrust\ESP\eecwatch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160056678083

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264899239421

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: EESP - C:\WINDOWS\system32\eelsto.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Service d'ID numérique d'ordinateur Entrust Entelligence (EEComputerDigitalIDService) - Entrust® - C:\WINDOWS\system32\eemdissrv.exe

O23 - Service: Service de journalisation Entrust Entelligence (eelogsvc) - Entrust® - C:\WINDOWS\system32\eelogsvc.exe

O23 - Service: Service d'ouverture de session Entrust Entelligence (EELSService) - Entrust® - C:\WINDOWS\system32\eelssrv.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: Service Google Update (gupdate1c9ad7991ef8994) (gupdate1c9ad7991ef8994) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 14994 bytes

Java™ 6 Update 17

Out of date Java installed!

 

Not critical. The latest version is Java 6 Update 19.

 

To check your JAVA to see if it is the latest version, go here:

http://www.java.com/en/download/installed.jsp

===

 

MBAM must have cleaned the items that were not found.

 

Your HijackThis log is clean.

 

Any remaining issues?


Thanks nasdaq. I think that does it. Now I just need to help him remove all the bloatware he has installed. Has a tendency to say yes to every installation question.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.