[Fixed] Hijackthis! Logs - Seekmo installed and I can't restore (posted in the Security & Safety forums)

  #1  
10-30-2007
livinirie84
Bronze Member
Join Date: Oct 2007
Location: San Diego
Posts: 35
PC Experience: Experienced in General PC Tasks
Seekmo installed and I can't restore **Please Help**

I need some help...I've received some great help on this forum in the past so here I am again.
I have a HijackThis Log and I'll post it at the end.

I'm not so good at the lingo so forgive me if I call things by the wrong names.

Here it goes. A 'program' called Seekmo has installed itself on my computer. It is basically inundating my computer with fake spyware alerts that direct me to advertisements for spyware protection software. Also, it has installed a toolbar in Internet Explorer that looks like a spyware remover.
I have run some scans and deleted some things but the program is still listed in my start menu and in the toolbar and the alerts are almost nonstop.
I tried restoring my computer and each time it just says that the restore was incomplete. It does not explain why I can't restore. I went back as much as a month.

I am a little lost and I'm afraid of making things worse so now I need some advice from someone more experienced in this department. I will appreciate any help you all can give. Thank you in advance.
Meagan


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:25:39 AM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TDM33EZH\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Last edited by livinirie84; 10-30-2007 at 08:32 PM.
  #2  
10-30-2007
Cowburn199
Moderator
Join Date: Nov 2005
Location: England - Lancashire
Posts: 1,457
PC Experience: I know a fair amount, always learning
Re: Seekmo installed and I can't restore

Hello livinirie and welcome to PCHF
I have moved your thread to the HiJackThis! Logs forum



  #3  
10-31-2007
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,299
PC Experience: Elite PC Guru
Re: Seekmo installed and I can't restore

Please download ComboFix from HERE or HERE

Save ComboFix to the desktop.
1. Double-click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and paste the contents of that log in your next reply with a new HijackThis log. Do not use Code or HTML unless asked for.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to stall/hang.


My real name is Eddy
  #4  
11-03-2007
livinirie84
Bronze Member
Join Date: Oct 2007
Location: San Diego
Posts: 35
PC Experience: Experienced in General PC Tasks
Re: Seekmo installed and I can't restore

Ok...Here is my ComboFix Log:

ComboFix 07-11-01.1** - Owner 2007-11-02 16:35:00.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JFRJQEPE\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.
2007-11-02 16:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 08:23 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-28 05:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-10-11 16:47 245,408 --a------ C:\WINDOWS\system32\unicows.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 21:24 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-28 23:18 --------- d-----w C:\Program Files\XoftSpySE
2007-10-13 06:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-09-09 18:14 --------- d-----w C:\Program Files\iTunes
2007-09-09 18:14 --------- d-----w C:\Program Files\iPod
2007-09-08 05:11 --------- d-----w C:\Program Files\Graphic Converter 2003
2007-09-07 16:16 --------- d-----w C:\Program Files\Weight Commander
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-03 07:00 15,336,051 ----a-w C:\Program Files\podcast_2.m4a
2007-03-27 21:27 166 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-03-24 19:28 189,124,208 ----a-w C:\Program Files\HP Printer.exe
2007-03-24 19:02 56,613,144 ----a-w C:\Program Files\Logitech software.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-28 08:23 84480]
[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-28 08:23 84480]
[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 05:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 05:11]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-17 02:26]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 20:27]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 19:37]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"XoftSpy"="C:\Program Files\XoftSpy\XoftSpy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-08-05 19:18:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ea9914-2397-11dc-8c31-0014a569328b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 01:32:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-29 13:30:00 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 6 30 AM.job"
- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ppv5consumercl.exe
"2007-10-31 17:00:00 C:\WINDOWS\Tasks\XoftSpy.job"
"2007-11-02 21:21:43 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-10-28 02:57:03 C:\WINDOWS\Tasks\XoftSpySE.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 16:38:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?8?4?1??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-02 16:38:51
.
--- E O F ---


  #5  
Old 11-03-2007
livinirie84
Default Re: Seekmo installed and I can't restore

And here is my new HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 16:47, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Start Menu\Programs\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


  #6  
Old 11-03-2007
livinirie84
Default Re: Seekmo installed and I can't restore

Thanks in advance for any help!
Meagan


