how do i fix this?


Rdawg9
Junior Member with 16 posts.
 
Join Date: Apr 2008
Experience: Intermediate
23-Apr-2008, 03:27 AM #1
how do i fix this?
Hey guys, this is my first time posting on any tech support forum and I am pretty inexperienced compared to most of the people on this site. Anyway, here is my problem: I get onto the computer, which is a Dell laptop with Microsoft Windows XP, and after about 5-10 minutes this random music will start playing on my computer. I then exit all windows and checked Task Manager and there was nothing running. This happens just about every time I get on the computer. I then checked running processes and closed iexplorer.exe and the problem is gone, only to return when I reboot. I recently switched to Mozilla Firefox with hopes that that would fix the problem but it didn't.
Please help me with this one; sometimes the music isn't music and has people screaming and can be very vulgar!
Thanks
Cookiegal
Administrator with 51,331 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
24-Apr-2008, 12:01 PM #2
Hi and welcome to TSG,

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
Rdawg9
Junior Member with 16 posts.
 
Join Date: Apr 2008
Experience: Intermediate
11-May-2008, 05:51 AM #3
hijackthis notepad
Hey, I apologise for not responding very fast. I will be checking this daily from here on out. Thanks a ton for your time and hopefully we will be able to fix this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:41 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\antiviirus.exe
C:\Program Files\tmp0.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122177692896
O21 - SSODL: RomSys - {12870a9c-3e94-4293-abad-6e2d65881dcb} - C:\WINDOWS\Installer\{12870a9c-3e94-4293-abad-6e2d65881dcb}\RomSys.dll
O21 - SSODL: zip - {8ab5408d-bc26-4d99-9b72-cdc72e3e566c} - C:\WINDOWS\Installer\{8ab5408d-bc26-4d99-9b72-cdc72e3e566c}\zip.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://webct.isu.edu/web-ct/en/img/b...umb_border.gif

--
End of file - 9718 bytes

thanks again
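The reply above notes that most of what HijackThis finds is harmless or even required, so a log like this one is triaged rather than fixed wholesale. The following is an added example, not part of the original thread and not a HijackThis feature: a small parser for the log format that marks entries worth a closer look. The four heuristics and the names `triage` and `exe_path` are assumptions chosen for illustration, and a match is a prompt for review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section id> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 registry autorun entry: hive, key, value name, command line
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def exe_path(command):
    """Return the executable part of a Run command line, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote.
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        # Unquoted paths may contain spaces; cut after the first ".exe".
        m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
        path = m.group(1) if m else command
    return path.lower()


def triage(log_text):
    """Return (reason, text) pairs for entries that deserve a manual look."""
    findings = []
    run_hives = defaultdict(set)  # (value name, exe) -> hives that start it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.groups()

        # Heuristic 1: registration whose target file no longer exists.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(("orphaned-entry", line))

        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                hive, _key, name, command = run.groups()
                exe = exe_path(command)
                run_hives[(name.lower(), exe)].add(hive)
                # Heuristic 2: autorun executable sitting directly in
                # C:\Program Files instead of a vendor subfolder.
                if ntpath.dirname(exe) == r"c:\program files":
                    findings.append(("exe-in-program-files-root", line))
        elif section == "O23" and " - Unknown owner - " in body:
            # Heuristic 3: service binary with no company name. Legitimate
            # OEM services hit this too, so it only queues a check.
            findings.append(("service-unknown-owner", line))

    # Heuristic 4: same value name and target registered under both
    # the machine-wide and the per-user Run key.
    for (name, exe), hives in run_hives.items():
        if hives == {"HKLM", "HKCU"}:
            findings.append(("run-in-both-hives", f"[{name}] {exe}"))
    return findings


if __name__ == "__main__":
    for reason, text in triage(SAMPLE_LOG):
        print(f"{reason:28} {text}")
```
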
Cookiegal
Administrator with 51,331 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
12-May-2008, 07:39 PM #4
Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
Rdawg9
Junior Member with 16 posts.
 
Join Date: Apr 2008
Experience: Intermediate
15-May-2008, 04:19 AM #5
some quick questions
OK, so I have ComboFix on my desktop ready to use and am now trying to put my computer into recovery mode. Whenever I click on the "WindowsXP-KB310994-SP2-Home-BootDisk-ENU Icon" that is on my desktop, it asks me where to save the file. Am I supposed to save the file somewhere or is everything I need already installed? Does that make sense? Also, every time I start my computer Symantec blocks trojan.ativirex.B or something like that. Is it safe to disable Norton AntiVirus for ComboFix even though it is blocking this virus?
thanks again
Cookiegal
Administrator with 51,331 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
15-May-2008, 08:31 PM #6
First, you don't want to boot to the recovery console.

Secondly, as per the instructions in the link I gave you, you don't double-click the file that's on your desktop, you drag it onto ComboFix. See step 3 in the guide.

Yes, you need to disable Norton or it will interfere with ComboFix but only after you've downloaded it but before running a scan.
Rdawg9
Junior Member with 16 posts.
 
Join Date: Apr 2008
Experience: Intermediate
17-May-2008, 03:30 PM #7
combofix log
Hey, this is the first half of the ComboFix log.

ComboFix 08-05-12.1 - Jenny Ford 2008-05-16 13:33:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.235 [GMT -5:00]
Running from: C:\Documents and Settings\Jenny Ford\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jenny Ford\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf_update.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\1022703.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\1063425.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\1065023.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\139562.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\1450356.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\2881352.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884324.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884426.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884488.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\2894097.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\3340762.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\3386906.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\3426120.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\3466243.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\36472.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\3853061.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893642.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\441100.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\48657.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\600583.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\720992.sdf
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000030322
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000030338
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000030687
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000048504
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000068407
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\10110
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\116250
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\116977
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\117970
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\118060
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\12457
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\13939
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1424
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15473
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16087
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1610
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16173
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16176
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17025
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17040
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\180320
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\18721
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\19650
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\19661
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\19677
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20106
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\202699
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\218682
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\218712
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21889
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22257
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22272
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\223385
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23111
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23616
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23923
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23928
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24341
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24619
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\246310
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\25509
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\275967
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\277907
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\286256
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\290893
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29115
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29642
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\297534
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\30604
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31262
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31409
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31537
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31690
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32137
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32171
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32276
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32506
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3338
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\33697
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3405
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34107
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34174
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34176
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\342303
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34237
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34374
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35000
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35047
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35389
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\36247
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\36625
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\36834
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39245
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39897
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41364
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41421
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41584
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41668
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\427148
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44228
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44789
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45833
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\47468
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\475788
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\477253
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\481176
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49587
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\50548
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\509213
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51166
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51666
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51888
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52253
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52335
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53310
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\533670
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5411
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\551747
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\559580
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\57878
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\579123
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59234
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59844
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59873
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59923
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\604347
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\60804
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\60841
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61779
C:\Documents and Settings\Jenny Ford\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61894
Rdawg9
Junior Member with 16 posts.
Join Date: Apr 2008
Experience: Intermediate
17-May-2008, 03:33 PM #8
combofix log
second half of combofix log

C:\Documents and Settings\Jenny Ford\Favorites\Error Cleaner.url
C:\Documents and Settings\Jenny Ford\Favorites\Privacy Protector.url
C:\Documents and Settings\Jenny Ford\Favorites\Spyware&Malware Protection.url
C:\Program Files\antiviirus.exe
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\WINDOWS\Installer\{12870a9c-3e94-4293-abad-6e2d65881dcb}
C:\WINDOWS\Installer\{12870a9c-3e94-4293-abad-6e2d65881dcb}\RomSys.dll
C:\WINDOWS\Installer\{8ab5408d-bc26-4d99-9b72-cdc72e3e566c}
C:\WINDOWS\Installer\{8ab5408d-bc26-4d99-9b72-cdc72e3e566c}\zip.dll
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\univrs32.dat
C:\WINDOWS\system32\winivstr.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-10 03:57 . 2008-05-10 03:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-05 02:54 . 2008-05-06 02:13 <DIR> d-------- C:\Program Files\Incomplete
2008-05-05 02:53 . 2008-05-10 04:02 <DIR> d-------- C:\Program Files\LimeWire
2008-04-22 00:55 . 2008-04-22 00:55 <DIR> d-------- C:\Documents and Settings\Jenny Ford\Application Data\MSNInstaller
2008-04-22 00:01 . 2008-04-22 00:01 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-21 23:31 . 2008-04-21 23:31 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-16 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 18:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 17:55 --------- d-----w C:\Program Files\Norton SystemWorks
2008-05-10 07:41 --------- d-----w C:\Program Files\Lx_cats
2008-05-06 06:08 --------- d-----w C:\Documents and Settings\Jenny Ford\Application Data\LimeWire
2008-04-22 06:24 --------- d-----w C:\Program Files\Java
2008-04-22 05:54 --------- d-----w C:\Program Files\UselessCreations
2008-04-22 05:53 --------- d-----w C:\Program Files\Yahoo!
2008-03-16 22:46 98,304 ----a-w C:\WINDOWS\fmsxwqs.exe
2008-03-16 22:46 262,144 ----a-w C:\WINDOWS\altvxvm.dll
2005-09-06 01:19 17,144 ----a-w C:\Documents and Settings\Jenny Ford\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 21:00 344064]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-12 07:25 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 11:26 65536]
"MemoryCardManager"="C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe" [2004-02-02 13:58 139264]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-12 07:25 11776]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-12 06:51:51 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

S3 oflpydin;oflpydin;C:\DOCUME~1\JENNYF~1\LOCALS~1\Temp\oflpydin.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 15:55:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 13:38:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-16 13:42:16 - machine was rebooted [Jenny Ford]
ComboFix-quarantined-files.txt 2008-05-16 18:42:12

Pre-Run: 20,239,151,104 bytes free
Post-Run: 20,358,488,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

492 --- E O F --- 2008-05-14 08:02:22
Rdawg9
Junior Member with 16 posts.
Join Date: Apr 2008
Experience: Intermediate
17-May-2008, 03:48 PM #9
new hijackthis
and finally the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:42 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122177692896
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://webct.isu.edu/web-ct/en/img/b...umb_border.gif

--
End of file - 7722 bytes

Hey, thanks for all of your help so far. I am already seeing improvements; the problem with the vulgar music is gone, so that's nice.
Cookiegal's Avatar
Administrator with 51,331 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
17-May-2008, 06:17 PM #10
Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\altvxvm.dll

Driver::
oflpydin

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-

Save the file to your desktop and name it CFScript.txt.

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
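A pre-flight check for the CFScript in the post above, added here as an example (not part of the thread and not ComboFix's or HijackThis's own code): it parses the O4 Run lines of a HijackThis log and the script's sections, then reports any Run-value deletion that has no matching entry in the log. The function names and the reading of the script layout (section headers ending in `::`, `.reg`-style `"name"=-` deletions) are assumptions taken from the text shown in this thread.

```python
import re

# Constructed sample: three O4 lines copied from the HijackThis log in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# The CFScript from the post above (blank lines between sections dropped).
CFSCRIPT = r"""
File::
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\altvxvm.dll
Driver::
oflpydin
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-
"""

RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

def parse_run_entries(log):
    """Return {(hive, value_name): command} for each O4 Run line in the log."""
    hits = (RUN_RE.match(l.strip()) for l in log.splitlines())
    return {(m.group(1), m.group("name")): m.group("cmd") for m in hits if m}

def parse_cfscript(text):
    """Split the script into sections; Registry:: yields (hive, key, value) deletions."""
    sections, current, key = {}, None, ""
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current == "Registry" and line.startswith("["):
            key = line.strip("[]")
        elif current == "Registry" and line.endswith("=-"):
            hive, _, subkey = key.partition("\\")
            sections[current].append((HIVES.get(hive, hive), subkey, line[:-2].strip('"')))
        elif current:
            sections[current].append(line)
    return sections

def unmatched_deletions(log, script):
    """Run-key deletions in the script that have no matching O4 entry in the log."""
    runs = parse_run_entries(log)
    return [(h, k, v) for h, k, v in parse_cfscript(script).get("Registry", [])
            if k.lower().endswith(r"\currentversion\run") and (h, v) not in runs]
```

An empty list from `unmatched_deletions(HJT_LOG, CFSCRIPT)` means every Run value the script deletes was seen in the log; a misspelled value name appears in the returned list instead.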
Rdawg9's Avatar
Junior Member with 16 posts.
 
Join Date: Apr 2008
Experience: Intermediate
19-May-2008, 03:26 AM #11
OK, so here are the new ComboFix and HijackThis logs.

ComboFix 08-05-12.1 -