Help with NMBg Monitor and Registry Helper


  • This topic is locked
6 replies to this topic

#1 btw

Posted 04 April 2010 - 08:48 PM

Hello,

I am helping someone with a badly infected computer. Just looking at the StartUp applications using msconfig I found NMBg Monitor and Registry Helper running on the computer.

Here is the log from Malwarebytes' Anti-Malware.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3954

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-04-04 21:25:29
mbam-log-2010-04-04 (21-25-29).txt

Scan type: Full scan (C:\|D:\|E:\|K:\|)
Objects scanned: 245569
Time elapsed: 1 hour(s), 52 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 116
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 440

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-my.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new2.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-options.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-people.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-photo.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-tell.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-temp.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-text.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-voice.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-def.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-premium-email-premium.mnu (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-t1-bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\email-temp-bg.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\estatationery.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\flashpatch.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\flashpreview.htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\fs3.htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\hotbar_promo.htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_checked_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_pressed_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_preview.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_send.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_flash_preview.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_recently_used.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_pressed_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_sand-clock2.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_pressed_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tree_null.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout2.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout4.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_corner_left.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\img_local_logo.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_basetemplate.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbgroups.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobject3.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobjectset3.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hotbarwrapper.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_texts3.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\js2_xmltree3nf.js (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\layout.cdf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\linkpathlegal.txt (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\n.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_bb_2.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_b_2.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_ff_2.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\nav_f_2.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\progress.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\sales_buttons.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\searchbtn.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\seekmo_btn.res (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\submit.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bg.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bga.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bgia.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_l.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_la.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_lia.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_r.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ra.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ria.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_animations.xml (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_backgrounds.xml (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_ecards.xml (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_emoticons.xml (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_notifiers.xml (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_text.xml (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tree_dots.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tree_minus.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\1\tree_plus.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\business_promo.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\buttondir.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\code.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\cursors.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\email-def.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\email-t1-bg.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\email-temp-bg.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\hotbar_promo.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\images.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\layout.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\linkpathlegal.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\localcontent.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\progress.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\sales_buttons.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\seekmo_btn.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOI\static\DownLoad\treexml.xip (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte10_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte11_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte12_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte13_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte14_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte19_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte20_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte21_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte9_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\030203lib_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\033102angel_1_prv.gif (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Seekmo\v3.0\HostOL\static\1\033102bigluf_1_prv.gif (Trojan.Agent) -> No action taken.
C:\Docu

#2 nasdaq

Posted 06 April 2010 - 08:32 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please run Malwarebytes and make sure that everything is checked, and click Remove Selected.

Close the tool.
===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Delete this folder in bold if found.
C:\Program Files\ShoppingReport\

Restart the computer normally.
===

Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Submit a fresh HijackThis log.

Let me know what issues remain.
nasdaq


#3 btw

Posted 08 April 2010 - 12:59 PM

Thank you, nasdaq. I am running through your instructions with my in-law by phone and will reply shortly with a status update.

btw

#4 btw

Posted 15 April 2010 - 07:14 PM

Thanks again for your help with this Nasdaq.

Malwarebytes was run and everything was removed.

The following was removed using HijackThis:
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot

These items were not found by HijackThis:
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

The folder C:\Program Files\ShoppingReport\ was not found.

If you are wondering, this computer was running without a firewall or antivirus for around two years. The applications identified by Security Check were installed post infection.

Here is the log from Security Check

Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

McAfee Security Scan Plus
ZoneAlarm Security Suite
ZoneAlarm Toolbar
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3 - Français
````````````````````````````````
Process Check:
objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


Here is a new log from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:10, on 2010-04-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\eemdissrv.exe
C:\WINDOWS\system32\eelogsvc.exe
C:\WINDOWS\system32\eelssrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Entrust\ESP\eesystry.exe
C:\Program Files\Fichiers communs\Entrust\ESP\eecwatch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\eelssrv.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\SecurityCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Administrateur\Bureau\SecurityCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehshell.exe
C:\WINDOWS\ehome\ehExtHost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\Program Files\Logitech\Video\VideoEffectsWatcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...LION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...LION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...LION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: MapQuest Toolbar Search Class - {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O1 - Hosts: HP7917EF
O1 - Hosts: HP7917EF HP0017A47917EF
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: MapQuest Toolbar Loader - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MapQuest Toolbar - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eelstray] C:\Program Files\Fichiers communs\Entrust\ESP\eesystry.exe
O4 - HKLM\..\Run: [espwatchdog] C:\Program Files\Fichiers communs\Entrust\ESP\eecwatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160056678083
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1264899239421
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: EESP - C:\WINDOWS\system32\eelsto.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service d'ID numérique d'ordinateur Entrust Entelligence (EEComputerDigitalIDService) - Entrust® - C:\WINDOWS\system32\eemdissrv.exe
O23 - Service: Service de journalisation Entrust Entelligence (eelogsvc) - Entrust® - C:\WINDOWS\system32\eelogsvc.exe
O23 - Service: Service d'ouverture de session Entrust Entelligence (EELSService) - Entrust® - C:\WINDOWS\system32\eelssrv.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Service Google Update (gupdate1c9ad7991ef8994) (gupdate1c9ad7991ef8994) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14994 bytes

#5 nasdaq

Posted 16 April 2010 - 07:29 AM

Java™ 6 Update 17
Out of date Java installed!


Not critical. The latest version is Java 6 Update 19.

To check your JAVA to see if it is the latest version, go here:
http://www.java.com/...d/installed.jsp
===

MBAM must have cleaned the items that were not found.

Your HijackThis log is clean.

Any remaining issues?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 btw

Posted 16 April 2010 - 07:36 AM

Thanks nasdaq. I think that does it. Now I just need to help him remove all the bloatware he has installed. Has a tendency to say yes to every installation question.

#7 nasdaq

Posted 30 April 2010 - 09:15 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq






Member of ASAP and UNITE
Support SpywareInfo Forum - click the button