Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde Ultimate Defender, Trojans, Viruses, And Adware.


  • Please log in to reply
10 replies to this topic

#1 Watts3643

Watts3643

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 14 September 2007 - 08:12 PM

Hi, I'm new to these forums, however I have a serious infection on my computer and desperatly need help. about a month ago a program called Ultimate Defender appeared with a bubble saying integrity threats detected.
I ran AVG, Super Anti-Spyware, and Spybot. Each was unable to remove this program. It wasn't until recently however, that AVG pops up messages about viruses and trojans it has detected every time I log in. I've ran ComboFix, but it freezes after completing step 8. The computer has dropped in speed, and I am now recieving pornographic popups every 10-15 minutes or so. I really have nowhere to turn, please help me. Here is my HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06, on 2007-09-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\All Users\Application Data\levoxube.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\wbem\csrss.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\l2mfix\superasrunner\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SecCenter\scprot4.exe
C:\SPYWAR~1\swdoctor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\l2mfix\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\l2mfix\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C2EC157A9CAC75760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\SYSTEM32\MSDN_LIB.DLL (file missing)
O2 - BHO: (no name) - {4522BF4C-91AA-2AC7-F6C3-02F9FA534F67} - C:\Program Files\Uhcdsleo\jrqawxbj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6AD726B7-E6B0-17F3-90D4-08135AC49F11} - C:\Program Files\Ptzwmivp\housppcm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O2 - BHO: 0 - {E9E7B2CF-C42C-4863-F9A1-5D490FB60D9C} - C:\Program Files\WindowsUpdate\lagusif.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ms04790943-932] C:\WINDOWS\ms04790943-932.exe
O4 - HKLM\..\Run: [win32060943-93279] C:\WINDOWS\win32060943-93279.exe
O4 - HKLM\..\Run: [evniiauA] C:\WINDOWS\evniiauA.exe
O4 - HKLM\..\Run: [sys10-932790943] C:\WINDOWS\sys10-932790943.exe
O4 - HKLM\..\Run: [sys0232790943-9] C:\WINDOWS\sys0232790943-9.exe
O4 - HKLM\..\Run: [25202228202A292] 6A65676D656F6.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [levoxube.exe] C:\Documents and Settings\All Users\Application Data\levoxube.exe
O4 - HKLM\..\Run: [onyxclor] rundll32.exe "C:\Program Files\onyxclor\cdgtudub.dll",Init
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bkzetcru] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bkzetcru.dll"
O4 - HKLM\..\Run: [juzwhwhy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\juzwhwhy.dll"
O4 - HKLM\..\Run: [cyoifmjp] C:\Program Files\Xrscnuck\cyoifmjp.exe
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\wbem\csrss.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [zqluvuta] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zqluvuta.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\l2mfix\superasrunner\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Taylor\Local Settings\Temp\{0EB186AE-762C-4C70-AAC9-8AE7240732AE}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Red Storm Entertainment\GRAW_PC_demo\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538600} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\l2mfix\superasrunner\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinUpdate - Unknown owner - C:\WINDOWS\system32\wnupdate.exe (file missing)

--
End of file - 12146 bytes

Edited by Watts3643, 14 September 2007 - 08:14 PM.


BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 15 September 2007 - 08:27 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Watts3643 :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".
This will change from what we know in 2006 read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present,then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 Watts3643

Watts3643
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 15 September 2007 - 01:40 PM

Thank you so much for your help,

SDFix Report


SDFix: Version 1.79

Run by Taylor - 2007-09-15 - 14:04:14.73

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\l2mfix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\csrss.exe - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\~.exe - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Americas Army 2.5\\System\\ArmyOps.exe"="C:\\Americas Army 2.5\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"="C:\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe:*:Enabled:GhostRecon"
"C:\\Program Files\\ubi.com\\Core\\GS4.exe"="C:\\Program Files\\ubi.com\\Core\\GS4.exe:*:Enabled:ubi.com Game Service"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe:*:Enabled:dfbhd"
"C:\\DUKE3D\\eduke32.exe"="C:\\DUKE3D\\eduke32.exe:*:Enabled:eduke32"
"C:\\DUKE3D\\DUKE3D.EXE"="C:\\DUKE3D\\DUKE3D.EXE:*:Enabled:DUKE3D"
"D:\\Program Files\\AIM95\\aim.exe"="D:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger (SM)"
"C:\\SNES\\zsnesw.exe"="C:\\SNES\\zsnesw.exe:*:Enabled:zsnesw"
"C:\\Documents and Settings\\Derek\\Local Settings\\Temp\\~os198.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Derek\\Local Settings\\Temp\\~os198.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Americas Army 2.5\\System\\Server.exe"="C:\\Americas Army 2.5\\System\\Server.exe:*:Enabled:Server"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Red Storm Entertainment\\GRAW_PC_demo\\GRAW_demo.exe"="C:\\Red Storm Entertainment\\GRAW_PC_demo\\GRAW_demo.exe:*:Enabled:GRAW_demo"
"C:\\BattleField2\\battlefield_2_demo\\Bf2_w32ded.exe"="C:\\BattleField2\\battlefield_2_demo\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\BattleField2\\battlefield_2_demo\\BF2VoipServer.exe"="C:\\BattleField2\\battlefield_2_demo\\BF2VoipServer.exe:*:Enabled:BF2VoipServer"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow MultiPlayer Demo\\online\\System\\pandora_detection.exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow MultiPlayer Demo\\online\\System\\pandora_detection.exe:*:Enabled:pandora_detection"
"C:\\DUKE3D\\Kali.exe"="C:\\DUKE3D\\Kali.exe:*:Enabled:Kali II (Ver 2.613)"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\GBA\\SecondLife\\SecondLife.exe"="C:\\GBA\\SecondLife\\SecondLife.exe:*:Enabled:Second Life"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"="C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe:*:Enabled:Halo"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"="C:\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\l2mfix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\Replay Converter\cygz.dll
C:\Program Files\InterActual\InterActual Player\iti1A9.tmp

Finished


ComboFix Log

ComboFix 07-09-14.2 - "Taylor" 2007-09-15 14:19:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.525 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\bkzetcru.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\juzwhwhy.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\zqluvuta.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSA.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSA_kyf.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSA_kyf_update.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSAAbout.mht
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSAau.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSAEULA.mht
C:\DOCUME~1\Chuck\APPLIC~1\macromedia\Flash Player\#SharedObjects\DSPDXCYE\www.broadcaster.com
C:\DOCUME~1\Chuck\APPLIC~1\macromedia\Flash Player\#SharedObjects\DSPDXCYE\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Chuck\APPLIC~1\macromedia\Flash Player\#SharedObjects\DSPDXCYE\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Chuck\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Chuck\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte10_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte11_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte12_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte13_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte14_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte19_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte20_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte21_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030104_emte9_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\030203lib_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102angel_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102bigluf_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102birthday_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102cheers_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102flo_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102good_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102jump_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102king_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102lough_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102luf_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102smile_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102smiled_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102sor_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102thanx_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\033102uhu_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\040103ahh_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\040103wow_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\040104_emi2_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\042102_1134_112_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\050103big_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\050103gig_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\050103hm_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\050103norm_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema15_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema16_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema17_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema18_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema19_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema20_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema21_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema24_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema25_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema26_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema30_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema33_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\060104_ema34_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\062802hippi_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\062802jumpie_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\080402argh_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\080402oops_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\080402ouch_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\082502no_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\082502yes_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_boring1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_confused_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_crying_ugly_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_fantastic_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_feel_better_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_gimme_break_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_heehee_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_hlopaet_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_ign_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_lol_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_no_comment_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_peace_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_smashing_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\110103_talk2thehand_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\block_sm.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\block_sm2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\block_smli.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\block_smli2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\blocked.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\blocked2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_add-but.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_back-but.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_left_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_left_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_middle_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_middle_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_right_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\btn_right_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\business_promo.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\buttondir.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\components.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\css_cattree.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\css_flashpreview.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\css2_main.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\css2_pagingmodule.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\css2_topbuttons.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\cursors.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\delete.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\edit_clear_sound.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\edit_fs.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\edit_select.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-543450.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-548964.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-589306.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-591943.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-592579.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-598579.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-603763.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-9595.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511724-9696.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-511745-514279.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-bcards.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-ecards.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-estationery.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-funny.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-help.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-images.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-info.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-more.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-my.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-new.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-new2.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-options.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-people.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-photo.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-tell.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-temp.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-text.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def-email-voice.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-def.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-premium-email-premium.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-t1-bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\email-temp-bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\estatationery.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\flashpatch.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\flashpreview.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\fs3.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\hotbar_promo.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_checked_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_close_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_close_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_edit_preview.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_edit_send.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_flash_preview.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_recently_used.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_remove_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_remove_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_sand-clock2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_tell_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_tell_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_tree_null.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_unchecked_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\img_barlayout.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\img_barlayout2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\img_barlayout4.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\img_corner_left.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\img_local_logo.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_basetemplate.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_hbgroups.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_hbobject3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_hbobjectset3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_hotbarwrapper.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_texts3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\js2_xmltree3nf.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\layout.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\linkpathlegal.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\n.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\nav_b_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\nav_bb_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\nav_f_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\nav_ff_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\pro_hb_fo_word.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\progress.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\sales_buttons.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\searchbtn.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\seekmo_btn.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\submit.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_bg.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_bga.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_bgia.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_l.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_la.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_lia.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_r.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_ra.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tab_ria.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tree_dots.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tree_minus.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\tree_plus.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\treedata_animations.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\treedata_backgrounds.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\treedata_ecards.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\treedata_emoticons.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\treedata_notifiers.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\1\treedata_text.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte10_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte11_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte12_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte13_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte14_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte19_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte20_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte21_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030104_emte9_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\030203lib_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102angel_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102bigluf_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102bigsmile_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102birthday_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102cheers_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102flo_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102good_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102jump_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102king_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102lough_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102luf_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102smile_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102smiled_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102sor_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102thanx_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\033102uhu_1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\040103ahh_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\040103wow_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\040104_emi2_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\042102_1134_112_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\050103big_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\050103gig_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\050103hm_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\050103nomail_emoti_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\050103norm_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema15_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema16_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema17_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema18_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema19_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema20_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema21_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema24_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema25_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema26_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema30_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema33_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\060104_ema34_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\062802hippi_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\062802jumpie_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\080402argh_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\080402oops_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\080402ouch_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\082502no_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\082502yes_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_boring1_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_confused_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_crying_ugly_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_fantastic_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_feel_better_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_gimme_break_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_heehee_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_hlopaet_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_ign_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_lol_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_no_comment_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_peace_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_smashing_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\110103_talk2thehand_prv.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\block_sm.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\block_sm2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\block_smli.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\block_smli2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\blocked.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\blocked2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_add-but.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_back-but.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_left_cut_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_left_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_left_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_middle_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_middle_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_right_cut_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_right_enabled_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\btn_right_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\business_promo.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\buttondir.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\components.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\css_cattree.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\css_flashpreview.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\css2_main.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\css2_pagingmodule.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\css2_topbuttons.css
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\cursors.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\delete.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\edit_clear_sound.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\edit_fs.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\edit_select.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-543450.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-548964.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-589306.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-591943.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-592579.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-598579.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-603763.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-9595.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511724-9696.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-511745-514279.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-backgrounds.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-bcards.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-ecards.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-emoticons.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-estationery.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-funny.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-help.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-images.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-info.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-more.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-my.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-new.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-new2.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-options.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-people.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-photo.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-tell.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-temp.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-text.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def-email-voice.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-def.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-premium-email-premium.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-t1-bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\email-temp-bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\estatationery.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\flashpatch.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\flashpreview.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\fs3.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\hotbar_promo.htm
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_checked_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_close_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_close_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_edit_preview.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_edit_send.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_flash_preview.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_recently_used.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_remove_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_remove_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_sand-clock2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_tell_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_tell_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_tree_null.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_unchecked_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\img_barlayout.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\img_barlayout2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\img_barlayout4.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\img_corner_left.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\img_local_logo.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_basetemplate.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_hbgroups.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_hbobject3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_hbobjectset3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_hotbarwrapper.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_texts3.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\js2_xmltree3nf.js
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\layout.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\linkpathlegal.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\n.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\nav_b_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\nav_bb_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\nav_f_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\nav_ff_2.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\pro_hb_fo_word.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\progress.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\sales_buttons.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\searchbtn.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\seekmo_btn.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\submit.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_bg.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_bga.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_bgia.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_l.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_la.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_lia.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_r.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_ra.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tab_ria.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tree_dots.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tree_minus.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\tree_plus.gif
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\treedata_animations.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\treedata_backgrounds.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\treedata_ecards.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\treedata_emoticons.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\treedata_notifiers.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\2\treedata_text.xml
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\business_promo.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\buttondir.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\code.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\cursors.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\email-def.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\email-temp-bg.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\images.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\layout.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\localcontent.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\pro_hb_fo_word.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\progress.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\seekmo_btn.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\HostOL\static\DownLoad\treexml.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\1.sdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\1385552.sdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\1398104.sdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\3852203.sdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\600583.sdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\domains.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\12776
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\13546
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\286256
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32242
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3338
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34107
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34237
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34513
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39245
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42208
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43638
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44458
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\475788
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54473
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66836
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\68257
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6873
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745304
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79972
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79989
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93934
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\97900
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\ustat\3586.dat
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\ustat\3587.dat
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\ustat\3588.dat
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\btntrans.idx
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\buttondir.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\components.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\cursors.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_1000.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_2000.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_3000.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bar.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bbar1.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_logos.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_other.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_weather.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\default.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_hotbarcom.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Mails.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\email-def-511724-548964.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\icons2.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\ie_video.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\keywords.idx
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\keywords1.dat
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\layout.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\linkpathlegal.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\progress.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\s_icons_buttons.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\seekmo.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\t2_bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\theweb.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\top7.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\btntrans.idx
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\buttondir.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\components.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\cursors.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\default.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\icons2.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\ie_video.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\keywords.idx
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\keywords1.dat
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\layout.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\progress.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\seekmo.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\t2_bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\theweb.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\top7.cdf
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip
C:\DOCUME~1\Chuck\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip
C:\DOCUME~1\Derek\APPLIC~1\MCROSO~1.NET
C:\DOCUME~1\Derek\APPLIC~1\MCROSO~1.NET\M?crosoft.NET\
C:\DOCUME~1\Derek\APPLIC~1\Sskcwrd.dll
C:\DOCUME~1\Derek\APPLIC~1\Sskuknwrd.dll
C:\DOCUME~1\Derek\APPLIC~1\Starware
C:\DOCUME~1\Derek\APPLIC~1\Starware\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Layouts\PreferencesLayout.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Layouts\PreferencesLayout.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Layouts\ToolbarLayout.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Manager\ManagerOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Recipes\RecipesOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Recipes\RecipesOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Reference\ReferenceOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Screensavers\ScreensaversOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\SearchMatch\SearchMatchOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Tem51.tmp
C:\DOCUME~1\Derek\APPLIC~1\Starware\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\Derek\APPLIC~1\Starware\Weather\AlertArchive.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Weather\WeatherOptions.xml
C:\DOCUME~1\Derek\APPLIC~1\Starware\Weather\WeatherOptions.xml.backup
C:\DOCUME~1\Derek\STARTM~1\Programs\Startup\zeno.lnk
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Layouts\PreferencesLayout.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Layouts\PreferencesLayout.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Layouts\ToolbarLayout.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Manager\ManagerOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Recipes\RecipesOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Recipes\RecipesOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Reference\ReferenceOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Screensavers\ScreensaversOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\SearchMatch\SearchMatchOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Weather\AlertArchive.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Weather\WeatherOptions.xml
C:\DOCUME~1\HEIDI~1.HOM\APPLIC~1\Starware\Weather\WeatherOptions.xml.backup
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\1.sdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\3852203.sdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\12776
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32122
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34237
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34513
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42208
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\56113
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66836
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86587
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\873
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\89200
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\97498
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\dynamic\ustat\3588.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\btntrans.idx
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\buttondir.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\components.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\cursors.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_1000.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_2000.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_3000.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bar.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bbar1.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_logos.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_other.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\d_icons_weather.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\default.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_hotbarcom.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_Mails.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\email-def-511724-548964.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\icons2.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\ie_video.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\keywords.idx
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\keywords1.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\layout.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\linkpathlegal.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\progress.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\s_icons_buttons.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\seekmo.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\t2_bg.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\theweb.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\top7.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\btntrans.idx
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\buttondir.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\components.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\cursors.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\default.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\icons2.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\ie_video.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\keywords.idx
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\keywords1.dat
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\layout.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\progress.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\seekmo.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\t2_bg.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\theweb.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\top7.cdf
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.idx
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.idx
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip
C:\DOCUME~1\LOCALS~1\APPLIC~1\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip
C:\DOCUME~1\Rachael\APPLIC~1\Dxccwrd.dll
C:\DOCUME~1\Taylor\APPLIC~1\Dxccwrd.dll
C:\DOCUME~1\Taylor\LOCALS~1\APPLIC~1.\n.ini
C:\Program Files\asks~1
C:\Program Files\Common Files\{3866B~1
C:\Program Files\Common Files\{3866B~1\Bar888.dll
C:\Program Files\Common Files\sstem~1
C:\Program Files\onyxclor
C:\Program Files\onyxclor\cdgtudub.dll
C:\Program Files\Pfcfshxq
C:\Program Files\Pfcfshxq\jhrfwajr.dll
C:\Program Files\Ptzwmivp
C:\Program Files\Ptzwmivp\housppcm.dll
C:\Program Files\Rsnbfobs
C:\Program Files\Rsnbfobs\orrtvmby.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Tdrtlznm
C:\Program Files\Tdrtlznm\janymsio.dll
C:\Program Files\Uhcdsleo
C:\Program Files\Uhcdsleo\jrqawxbj.dll
C:\Program Files\Ygnpxtkw
C:\Program Files\Ygnpxtkw\ddsdzoij.dll
C:\temp\tn3
C:\WINDOWS\7search.dll
C:\WINDOWS\biprep.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\keyboard51.dat
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\hblbdnun
C:\WINDOWS\system32\hblbdnun\bg1.gif
C:\WINDOWS\system32\hblbdnun\bgtop.gif
C:\WINDOWS\system32\hblbdnun\bottom1.gif
C:\WINDOWS\system32\hblbdnun\essentials.gif
C:\WINDOWS\system32\hblbdnun\hblbdnun1.exe
C:\WINDOWS\system32\hblbdnun\hblbdnun2.exe
C:\WINDOWS\system32\hblbdnun\hblbdnun3.exe
C:\WINDOWS\system32\hblbdnun\icon1.ico
C:\WINDOWS\system32\hblbdnun\install1.gif
C:\WINDOWS\system32\hblbdnun\left1.gif
C:\WINDOWS\system32\hblbdnun\li.gif
C:\WINDOWS\system32\hblbdnun\logo.gif
C:\WINDOWS\system32\hblbdnun\main.htm
C:\WINDOWS\system32\hblbdnun\mainframe.htm
C:\WINDOWS\system32\hblbdnun\reinstall1.gif
C:\WINDOWS\system32\hblbdnun\right1.gif
C:\WINDOWS\system32\hblbdnun\s1.htm
C:\WINDOWS\system32\hblbdnun\s2.htm
C:\WINDOWS\system32\hblbdnun\s3.htm
C:\WINDOWS\system32\hblbdnun\SMTop1.gif
C:\WINDOWS\system32\hblbdnun\SMTop2.gif
C:\WINDOWS\system32\hblbdnun\SMTop3.gif
C:\WINDOWS\system32\hblbdnun\SMTop4.gif
C:\WINDOWS\system32\hblbdnun\soft1_off.gif
C:\WINDOWS\system32\hblbdnun\soft1_off_ext.gif
C:\WINDOWS\system32\hblbdnun\soft1_on.gif
C:\WINDOWS\system32\hblbdnun\soft1_on_ext.gif
C:\WINDOWS\system32\hblbdnun\soft2_off.gif
C:\WINDOWS\system32\hblbdnun\soft2_off_ext.gif
C:\WINDOWS\system32\hblbdnun\soft2_on.gif
C:\WINDOWS\system32\hblbdnun\soft2_on_ext.gif
C:\WINDOWS\system32\hblbdnun\soft3_off.gif
C:\WINDOWS\system32\hblbdnun\soft3_off_ext.gif
C:\WINDOWS\system32\hblbdnun\soft3_on.gif
C:\WINDOWS\system32\hblbdnun\soft3_on_ext.gif
C:\WINDOWS\system32\hblbdnun\softbottom_off.gif
C:\WINDOWS\system32\hblbdnun\softbottom_on.gif
C:\WINDOWS\system32\hblbdnun\softleft_off.gif
C:\WINDOWS\system32\hblbdnun\softleft_on.gif
C:\WINDOWS\system32\hblbdnun\top1.gif
C:\WINDOWS\system32\hblbdnun\top2.gif
C:\WINDOWS\system32\hblbdnun\turnoff1.gif
C:\WINDOWS\system32\hblbdnun\turnon1.gif
C:\WINDOWS\system32\k.dat
C:\WINDOWS\system32\kqgubstd
C:\WINDOWS\system32\kqgubstd\bg1.gif
C:\WINDOWS\system32\kqgubstd\bgtop.gif
C:\WINDOWS\system32\kqgubstd\bottom1.gif
C:\WINDOWS\system32\kqgubstd\essentials.gif
C:\WINDOWS\system32\kqgubstd\icon1.ico
C:\WINDOWS\system32\kqgubstd\install1.gif
C:\WINDOWS\system32\kqgubstd\kqgubstd1.exe
C:\WINDOWS\system32\kqgubstd\kqgubstd2.exe
C:\WINDOWS\system32\kqgubstd\kqgubstd3.exe
C:\WINDOWS\system32\kqgubstd\left1.gif
C:\WINDOWS\system32\kqgubstd\li.gif
C:\WINDOWS\system32\kqgubstd\logo.gif
C:\WINDOWS\system32\kqgubstd\main.htm
C:\WINDOWS\system32\kqgubstd\mainframe.htm
C:\WINDOWS\system32\kqgubstd\reinstall1.gif
C:\WINDOWS\system32\kqgubstd\right1.gif
C:\WINDOWS\system32\kqgubstd\s1.htm
C:\WINDOWS\system32\kqgubstd\s2.htm
C:\WINDOWS\system32\kqgubstd\s3.htm
C:\WINDOWS\system32\kqgubstd\SMTop1.gif
C:\WINDOWS\system32\kqgubstd\SMTop2.gif
C:\WINDOWS\system32\kqgubstd\SMTop3.gif
C:\WINDOWS\system32\kqgubstd\SMTop4.gif
C:\WINDOWS\system32\kqgubstd\soft1_off.gif
C:\WINDOWS\system32\kqgubstd\soft1_off_ext.gif
C:\WINDOWS\system32\kqgubstd\soft1_on.gif
C:\WINDOWS\system32\kqgubstd\soft1_on_ext.gif
C:\WINDOWS\system32\kqgubstd\soft2_off.gif
C:\WINDOWS\system32\kqgubstd\soft2_off_ext.gif
C:\WINDOWS\system32\kqgubstd\soft2_on.gif
C:\WINDOWS\system32\kqgubstd\soft2_on_ext.gif
C:\WINDOWS\system32\kqgubstd\soft3_off.gif
C:\WINDOWS\system32\kqgubstd\soft3_off_ext.gif
C:\WINDOWS\system32\kqgubstd\soft3_on.gif
C:\WINDOWS\system32\kqgubstd\soft3_on_ext.gif
C:\WINDOWS\system32\kqgubstd\softbottom_off.gif
C:\WINDOWS\system32\kqgubstd\softbottom_on.gif
C:\WINDOWS\system32\kqgubstd\softleft_off.gif
C:\WINDOWS\system32\kqgubstd\softleft_on.gif
C:\WINDOWS\system32\kqgubstd\top1.gif
C:\WINDOWS\system32\kqgubstd\top2.gif
C:\WINDOWS\system32\kqgubstd\turnoff1.gif
C:\WINDOWS\system32\kqgubstd\turnon1.gif
C:\WINDOWS\system32\lclcfg32.ini
C:\WINDOWS\system32\lfd32.ini
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\n2.ini
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\updatetc.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE


((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.

2007-09-15 14:15 <DIR> d-------- C:\Program Files\Bxyuwngb
2007-09-15 13:48 <DIR> d-------- C:\Program Files\Rbkfxyei
2007-09-14 20:41 <DIR> d-------- C:\Program Files\Ewsufjnu
2007-09-14 19:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 19:26 10,240 --a------ C:\WINDOWS\system32\npdl.exe
2007-09-11 15:09 <DIR> d-------- C:\Program Files\Xrscnuck
2007-08-15 19:09 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 13:53 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-14 19:38 --------- d-------- C:\Program Files\Sopfdatz
2007-08-14 19:38 --------- d-------- C:\DOCUME~1\Rachael\APPLIC~1\LimeWire
2007-08-13 14:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 14:32 --------- d-------- C:\Program Files\EA GAMES
2007-08-10 01:56 --------- d-------- C:\Program Files\1964
2007-08-07 22:13 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-07 22:13 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-07 22:13 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-24 21:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-23 13:16 --------- d-------- C:\Program Files\Revewakv
2007-07-20 15:16 --------- d-------- C:\Program Files\Szzbchgi
2007-07-20 06:47 --------- d-------- C:\Program Files\Jbcpizwi
2007-07-20 03:05 --------- d-------- C:\Program Files\Eidos
2007-07-14 10:15 46592 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\levoxube.exe
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2006-05-26 22:39 1 --a--c--- C:\DOCUME~1\Taylor\SI.bin
2005-10-22 12:15 12928508 --a--c--- C:\Program Files\wdm_a375.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}]
C:\WINDOWS\SYSTEM32\MSDN_LIB.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9E7B2CF-C42C-4863-F9A1-5D490FB60D9C}]
C:\Program Files\WindowsUpdate\lagusif.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDBitSet"="C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" [2003-07-18 15:57]
"DVDTray"="C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe" [2003-02-20 19:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
"DXDllRegExe"="dxdllreg.exe" []
"ms04790943-932"="C:\WINDOWS\ms04790943-932.exe" []
"win32060943-93279"="C:\WINDOWS\win32060943-93279.exe" []
"evniiauA"="C:\WINDOWS\evniiauA.exe" []
"sys10-932790943"="C:\WINDOWS\sys10-932790943.exe" []
"sys0232790943-9"="C:\WINDOWS\sys0232790943-9.exe" []
"25202228202A292"="6A65676D656F6.exe" []
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-05-01 14:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"STOPzilla"="C:\Program Files\STOPzilla!\STOPzilla.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:04]
"levoxube.exe"="C:\Documents and Settings\All Users\Application Data\levoxube.exe" [2007-07-14 10:15]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"cyoifmjp"="C:\Program Files\Xrscnuck\cyoifmjp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 06:40]
"SUPERAntiSpyware"="C:\l2mfix\superasrunner\SUPERAntiSpyware.exe" [2007-07-10 20:13]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Spyware Doctor\swdoctor.exe" /Q

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-07-07 15:21:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]

C:\DOCUME~1\Derek\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-10-25 14:28:15]

C:\DOCUME~1\Rachael\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-10-25 14:28:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\l2mfix\superasrunner\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\l2mfix\superasrunner\SASWINLO.dll 2007-04-19 13:41 294912 C:\l2mfix\superasrunner\SASWINLO.dll

R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S2 WinUpdate;WinUpdate;C:\WINDOWS\system32\wnupdate.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 18:33:32 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 14:34:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-15 14:35:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 14:35
.
--- E O F ---


HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:20 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\All Users\Application Data\levoxube.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\l2mfix\superasrunner\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\l2mfix\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C2EC157A9CAC75760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\SYSTEM32\MSDN_LIB.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O2 - BHO: 0 - {E9E7B2CF-C42C-4863-F9A1-5D490FB60D9C} - C:\Program Files\WindowsUpdate\lagusif.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ms04790943-932] C:\WINDOWS\ms04790943-932.exe
O4 - HKLM\..\Run: [win32060943-93279] C:\WINDOWS\win32060943-93279.exe
O4 - HKLM\..\Run: [evniiauA] C:\WINDOWS\evniiauA.exe
O4 - HKLM\..\Run: [sys10-932790943] C:\WINDOWS\sys10-932790943.exe
O4 - HKLM\..\Run: [sys0232790943-9] C:\WINDOWS\sys0232790943-9.exe
O4 - HKLM\..\Run: [25202228202A292] 6A65676D656F6.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [levoxube.exe] C:\Documents and Settings\All Users\Application Data\levoxube.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cyoifmjp] C:\Program Files\Xrscnuck\cyoifmjp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\l2mfix\superasrunner\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Taylor\Local Settings\Temp\{0EB186AE-762C-4C70-AAC9-8AE7240732AE}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Red Storm Entertainment\GRAW_PC_demo\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538600} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\l2mfix\superasrunner\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinUpdate - Unknown owner - C:\WINDOWS\system32\wnupdate.exe (file missing)

--
End of file - 10552 bytes

#4 Watts3643

Watts3643
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 15 September 2007 - 01:46 PM

On a side note, while I was running ComboFix, at around the 11th or so stage AVG came up and said it caught two viruses and healed them.

Should I worry about them or did ComboFix delete it's creators? Thanks for all the help Richie, it was much needed and appreciated.

An other thing, a bubble telling me about new Java updates is popping up, should I update it or wait till I know everythings fixed?

Edit: I almost forgot, viewpoint manager and media player were the only two I could find in the Add/Remove programs. Viewpoint itself was not there.

Edit #2: Sorry to keep making these edits, but Ultimate Defender just came back saying Integrity Threats Detected again.

Edited by Watts3643, 15 September 2007 - 01:59 PM.


#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 15 September 2007 - 02:03 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\npdl.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\levoxube.exe

Folder::
C:\Program Files\Bxyuwngb
C:\Program Files\Rbkfxyei
C:\Program Files\Ewsufjnu
C:\Program Files\Xrscnuck
C:\Program Files\Sopfdatz
C:\Program Files\Revewakv
C:\Program Files\Szzbchgi
C:\Program Files\Jbcpizwi
C:\DOCUME~1\Chuck\APPLIC~1\Viewpoint
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9E7B2CF-C42C-4863-F9A1-5D490FB60D9C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ms04790943-932"=-
"win32060943-93279"=-
"evniiauA"=-
"sys10-932790943"=-
"sys0232790943-9"=-
"25202228202A292"=-
"levoxube.exe"=-
"cyoifmjp"=-

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
Posted Image
Posted Image

#6 Watts3643

Watts3643
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 15 September 2007 - 02:56 PM

ComboFix 07-09-14.2 - "Taylor" 2007-09-15 15:52:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.649 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Taylor\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\npdl.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\levoxube.exe
.

((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.

2007-09-14 19:59 51,200 --a------ C:\WINDOWS\NirCmd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-14 19:38 --------- d-------- C:\DOCUME~1\Rachael\APPLIC~1\LimeWire
2007-08-13 14:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 14:32 --------- d-------- C:\Program Files\EA GAMES
2007-08-10 01:56 --------- d-------- C:\Program Files\1964
2007-08-07 22:13 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-07 22:13 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-07 22:13 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-24 21:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-20 03:05 --------- d-------- C:\Program Files\Eidos
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2006-05-26 22:39 1 --a--c--- C:\DOCUME~1\Taylor\SI.bin
2005-10-22 12:15 12928508 --a--c--- C:\Program Files\wdm_a375.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDBitSet"="C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" [2003-07-18 15:57]
"DVDTray"="C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe" [2003-02-20 19:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
"DXDllRegExe"="dxdllreg.exe" []
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-05-01 14:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"STOPzilla"="C:\Program Files\STOPzilla!\STOPzilla.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:04]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 06:40]
"SUPERAntiSpyware"="C:\l2mfix\superasrunner\SUPERAntiSpyware.exe" [2007-07-10 20:13]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-07-07 15:21:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]

C:\DOCUME~1\Derek\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-10-25 14:28:15]

C:\DOCUME~1\Rachael\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-10-25 14:28:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\l2mfix\superasrunner\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\l2mfix\superasrunner\SASWINLO.dll 2007-04-19 13:41 294912 C:\l2mfix\superasrunner\SASWINLO.dll

R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S2 WinUpdate;WinUpdate;C:\WINDOWS\system32\wnupdate.exe

*Newly Created Service* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 19:49:12 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 15:54:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-15 15:55:19
C:\ComboFix-quarantined-files.txt ... 2007-09-15 15:54
C:\ComboFix2.txt ... 2007-09-15 14:35
.
--- E O F ---

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 16 September 2007 - 06:48 AM

Post the new Hijackthis log please.
Posted Image
Posted Image

#8 Watts3643

Watts3643
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 16 September 2007 - 02:23 PM

I'm sorry, I forgot to do that part.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:23 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\l2mfix\superasrunner\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\l2mfix\HijackThis.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\l2mfix\superasrunner\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1409082233-1417001333-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Chuck')
O4 - HKUS\S-1-5-21-1409082233-1417001333-839522115-1004\..\Run: [csrss] C:\WINDOWS\csrss.exe (User 'Chuck')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Taylor\Local Settings\Temp\{0EB186AE-762C-4C70-AAC9-8AE7240732AE}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Red Storm Entertainment\GRAW_PC_demo\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538600} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\l2mfix\superasrunner\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinUpdate - Unknown owner - C:\WINDOWS\system32\wnupdate.exe (file missing)

--
End of file - 9336 bytes

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 16 September 2007 - 04:53 PM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
WinUpdate
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

Click Start>Run and type regedit then click OK.
Navigate to HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
Scroll down the left pane,locate the service name:
WinUpdate
Right click on it 'Delete'.
Then restart your pc.

Have Hijack This fix the following if present, by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKUS\S-1-5-21-1409082233-1417001333-839522115-1004\..\Run: [csrss] C:\WINDOWS\csrss.exe (User 'Chuck')
O23 - Service: WinUpdate - Unknown owner - C:\WINDOWS\system32\wnupdate.exe (file missing)


Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control,please do so.
Once installed,disable your current antivirus program,then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log.
Let me know how your pc is running now please.
Posted Image
Posted Image

#10 Watts3643

Watts3643
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 16 September 2007 - 11:55 PM

It's running very well with no noticeable virus or ad symptoms, just a tad slow and a few bugs with closing some programs. I will try to do those steps as soon as I can, however I am getting prepared for a buiness trip, and won't be able to finish it for a bit. Thanks for your help so far.

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 17 September 2007 - 03:36 AM

Ok,thanks for the update.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users