#1 oddnjeff (Bronze Member), 08-16-2008
Join Date: Aug 2008 | Posts: 3 | PC Experience: Experienced
downloader.generic.7 trojan

I have the downloader.generic.7.AEOW trojan ruining my PC. It keeps coming up on AVG anti-virus and I can't seem to get rid of it. I have run Advanced WindowsCare, a-squared, and done a HijackThis log (the site I sent it to didn't help much). I believe this trojan has removed my explorer.exe - I have to open Task Manager every time I reboot and add it, and I can no longer play music with Real music player. Any ideas on what to do? Oh, I have also tried to do a system restore to over 7 prior dates, and it won't let me go back.
#2 Jelly Bean (Stoooooopid Girl.), 08-16-2008
Join Date: Feb 2008 | Location: Swansea | Posts: 12,700 | PC Experience: None.
Re: downloader.generic.7 trojan

Hello and welcome to PC Help Forum.

You need to do the "Prework" link in red below in my signature.

Then copy and paste results back here on your thread for our security team to help you.
__________________
I'm trying my best.
#3 oddnjeff (Bronze Member), 08-16-2008
Join Date: Aug 2008 | Posts: 3 | PC Experience: Experienced
Re: downloader.generic.7 trojan

Here are the Deckard logs and the HijackThis logs. If you need me to put the HijackThis logs in the HijackThis forum, just let me know! Thanks again!

Deckard main.txt log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-16 11:18:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-08-16 17:18:36 UTC - RP680 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:13 AM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = SafeSearch | Protect your Internet searches against spyware, viruses, phishing scams, and identity theft
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Dogpile Web Search Home Page
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} (Dogpile Toolbar) - http://www.dogpile.com/info.dogpl/tb...?ver=2.2.3.887
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1178491799437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178491760312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab
O20 - Winlogon Notify: stfilter - stfilter.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 6100 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080810-200519-965 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 spkrmon - c:\program files\analog devices\soundmax\spkrmon.exe <Not Verified; ; spkrmon Module>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: PSC 2170 Series
Device ID: USB\VID_03F0&PID_2B11&MI_00\6&2054125C&1&0000
Manufacturer:
Name: PSC 2170 Series
PNP Device ID: USB\VID_03F0&PID_2B11&MI_00\6&2054125C&1&0000
Service:

-- Scheduled Tasks -------------------------------------------------------------
2008-08-16 10:21:02 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-08-16 09:58:32 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-09 10:43:09 444 --a------ C:\WINDOWS\Tasks\WebReg 20080809104308.job
2008-07-06 14:25:08 396 --a------ C:\WINDOWS\Tasks\WebReg 20080706142507.job
2008-06-05 07:54:09 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1210305984.job

-- Files created between 2008-07-16 and 2008-08-16 -----------------------------
2008-08-16 09:53:54 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-08-15 19:34:35 0 d-------- C:\Program Files\a-squared Free
2008-08-14 18:29:29 0 d-------- C:\VundoFix Backups
2008-08-13 20:20:12 0 d-------- C:\Program Files\IObit
2008-08-10 21:13:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-08-10 20:24:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Digital Support
2008-08-10 20:23:08 0 d-------- C:\Program Files\Digital Support
2008-08-10 19:56:50 0 d-------- C:\Program Files\Trend Micro
2008-08-02 09:49:15 231258 --a------ C:\WINDOWS\Blubster_Toolbar_Uninstaller_8859.exe <Not Verified; Optisoft, S.L.; Blubster>
2008-08-02 09:49:12 0 d-------- C:\Program Files\Blubster Toolbar
2008-07-30 15:23:05 0 d-------- C:\Documents and Settings\Owner\Application Data\FunWebProducts
2008-07-30 15:19:58 0 d-------- C:\Program Files\MyWebSearch
2008-07-30 15:18:29 0 d-------- C:\Program Files\FunWebProducts
2008-07-29 15:27:34 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-07-29 13:41:16 7 --a------ C:\WINDOWS\system32\k86.bin
2008-07-29 13:28:13 10752 --a------ C:\WINDOWS\expmodule.exe
2008-07-29 13:27:56 10752 --a------ C:\WINDOWS\system32\~.exe
2008-07-26 13:57:34 0 --a------ C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-07-26 13:57:15 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-07-22 17:03:42 0 d-------- C:\Documents and Settings\All Users\Local Settings
2008-07-22 16:16:28 0 d-------- C:\NEW TEMP INTERNET FILES

-- Find3M Report ---------------------------------------------------------------
2008-08-16 09:31:48 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-08-16 09:18:57 0 d-------- C:\Program Files\Blubster
2008-08-15 03:19:12 0 d-------- C:\Program Files\Messenger
2008-08-03 11:44:01 0 d-------- C:\Program Files\Yahoo!
2008-08-03 11:44:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-31 17:25:20 0 d-------- C:\Program Files\VideoLAN
2008-07-31 17:22:18 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-31 17:21:15 0 d-------- C:\Program Files\Google
2008-07-06 20:15:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-07-06 17:32:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2008-06-05 19:24:35 716 --a------ C:\WINDOWS\ereg077.dat
2008-06-04 19:48:23 190 --a------ C:\WINDOWS\PowerReg.dat

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}"= C:\Program Files\Blubster Toolbar\v3.3.0.1\Blubster_Toolbar.dll [08/02/2008 09:49 AM 806912]
[-HKEY_CLASSES_ROOT\CLSID\{7EFBC57C-CD57-481F-B794-648FCE9C9116}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 09:45 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\stfilter]
stfilter.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


-- End of Deckard's System Scanner: finished at 2008-08-16 11:21:29 ------------

Deckard extra.txt log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 253.98 MiB / 39.8 MiB
Pagefile Memory (total/avail): 664.04 MiB / 221.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.27 MiB
C: is Fixed (NTFS) - 37.21 GiB total, 26.01 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD400BB-75FRA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
\\.\PHYSICALDRIVE5 - HP psc 2175 USB Device

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.524 v7.5.524 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:explorer"
"C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:Blubster"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AUDRA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\AUDRA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=AUDRA
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Owner (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced WindowsCare Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
American Greetings Print! Premium 1.00 --> c:\PROGRA~1\MINDSC~1\AGPrint\uninst32.exe /IFirs
American Greetings® Art & More Store --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mindscape\Art & More Store\Uninst.isu"
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bookkeeper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65418BAB-40FC-45DE-AB68-D1F23AD02E55}\setup.exe" -l0x9
Broadcom 440x Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
GNU Ghostscript 7.06 --> C:\gs\uninstgs.exe "C:\gs\gs7.06\uninstal.txt"
GNU Ghostscript Fonts --> C:\gs\uninstgs.exe "C:\gs\fonts\uninstal.txt"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Driver Diagnostics --> MsiExec.exe /X{624D19C3-D55D-4368-BC10-9B53036D8358}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2170 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2170 series --> MsiExec.exe /X{93FB47FB-4FDF-4131-B5FD-7A37883868E7}
hp psc 2170 series --> rundll32 hpzcon07.dll,VendorJettison hp psc 2170 series
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Little Bear Rainy Day Activities --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Wonders\Little Bear Rainy Day Activities\Uninst.isu"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
PC Fixer --> "C:\Program Files\Digital Support\hta\dselevate.exe" "\"C:\Program Files\Digital Support\hta\dsweb.exe\" \"C:\Program Files\Digital Support\hta\uninst.htm\" wxh=5.3x3.8 noWait
PopCap ActiveX Control --> C:\Program Files\PopCap Games\PopCap ActiveX Control\Uninstall.exe
QuickTime 3.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------
Event Record #/Type3334 / Error
Event Submitted/Written: 08/16/2008 10:35:38 AM
Event ID/Source: 2001 / Microsoft Office 11
Event Description:
Rejected Safe Mode action : Microsoft Office Word.
Event Record #/Type3333 / Error
Event Submitted/Written: 08/16/2008 09:57:12 AM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%AUDRA27 Real-Time Protection checkpoint has encountered an error and failed to start.
User: AUDRA\Owner
Checkpoint ID: 1
Error Code: 0x8000ffff
Error description: Catastrophic failure
Event Record #/Type3332 / Error
Event Submitted/Written: 08/16/2008 09:57:12 AM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%AUDRA27 Real-Time Protection checkpoint has encountered an error and failed to start.
User: AUDRA\Owner
Checkpoint ID: 1
Error Code: 0x80070005
Error description: Access is denied.
Event Record #/Type3327 / Warning
Event Submitted/Written: 08/16/2008 09:54:10 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type3324 / Warning
Event Submitted/Written: 08/16/2008 09:10:00 AM
Event ID/Source: 2002 / LoadPerf
Event Description:
The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type11967 / Warning
Event Submitted/Written: 08/16/2008 11:20:44 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%AUDRA27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AUDRA27 can't undo changes that you allow.
For more information please see the following:
%AUDRA275
Scan ID: {064EAAAC-06B1-4FC9-AF9E-3C1CE64C3BDF}
User: AUDRA\Owner
Name: %AUDRA271
ID: %AUDRA272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %AUDRA276
Alert Type: %AUDRA278
Detection Type: 1.1.1593.02
Event Record #/Type11966 / Warning
Event Submitted/Written: 08/16/2008 11:20:44 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%AUDRA27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AUDRA27 can't undo changes that you allow.
For more information please see the following:
%AUDRA275
Scan ID: {F87360D0-EA04-4AD6-AC61-9C07D49FD6C0}
User: AUDRA\Owner
Name: %AUDRA271
ID: %AUDRA272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %AUDRA276
Alert Type: %AUDRA278
Detection Type: 1.1.1593.02
Event Record #/Type11959 / Error
Event Submitted/Written: 08/16/2008 10:15:35 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058
Event Record #/Type11958 / Error
Event Submitted/Written: 08/16/2008 10:15:35 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1068" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type11957 / Error
Event Submitted/Written: 08/16/2008 10:12:23 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

-- End of Deckard's System Scanner: finished at 2008-08-16 11:21:29 ------------

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:27 AM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = SafeSearch | Protect your Internet searches against spyware, viruses, phishing scams, and identity theft
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Dogpile Web Search Home Page
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} (Dogpile Toolbar) - http://www.dogpile.com/info.dogpl/tb...?ver=2.2.3.887
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1178491799437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178491760312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab
O20 - Winlogon Notify: stfilter - stfilter.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 6147 bytes
Old 08-16-2008   #4
Stoooooopid Girl.
 
Jelly Bean's Avatar
 
Join Date: Feb 2008
Location: Swansea
Posts: 12,700
PC Experience: None.
Default Re: downloader.generic.7 trojan

Thank you, I will just move you over to the HJT section.

__________________
I'm trying my best.
Old 08-16-2008   #5
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Default Re: downloader.generic.7 trojan

Please download Malwarebytes' Anti-Malware from one of these places:

|MG| Malwarebytes Anti-Malware 1.24

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


==============================================


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
__________________
My real name is Eddy
Old 08-17-2008   #6
Bronze Member
 
oddnjeff's Avatar
 
Join Date: Aug 2008
Posts: 3
PC Experience: Experienced
Default Re: downloader.generic.7 trojan

I have downloaded Malwarebytes and ComboFix. I wanted to note that I had to open the Task Manager to install explorer.exe again to get back here.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2
6:14:18 PM 8/16/2008
mbam-log-8-16-2008 (18-14-18).txt
Scan type: Quick Scan
Objects scanned: 38865
Time elapsed: 7 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 67
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 190
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2bd02a28-2ce5-41e6-83db-6763e671cb86} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2d5d65cb-d4de-46d9-985f-f80d9f34c979} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4249d82a-882f-467b-9aa3-dcc40078ea69} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4fbe506d-6726-42b5-adb0-0b56af0aefb7} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54da8fe1-16cc-4304-921d-88dd591884ea} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6036eff9-4750-435d-ba00-2e4971a17954} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{67bffc72-f133-4c2a-8c2c-ec9b46ffb80c} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6b619bba-1bb8-47f4-85b2-aeee204afe3a} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e02ba95-d9bc-4e9f-ae33-38dd988cc868} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90b449e1-a378-4dbb-bae6-4f5492b954c4} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99d26682-d444-4106-b346-a31b25b315e4} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a76871a-cbeb-479c-9984-253aef6cb3e2} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9b11649a-0da6-4581-9a17-9da31ad7fd42} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7152573-fa25-4bea-8026-1ec8a5205d11} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ca7301e0-686c-4c7c-95b7-1b96d2ed1a61} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e831429a-73a3-44d4-8935-deec11216093} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a321a998-2771-4235-b458-6b09af6463b5} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogo2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\IESkins (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\HostOI (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\HostOI\dynamic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\HostOI\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\HostOL (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\HostOL\dynamic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\HostOL\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\static\1 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (Adware.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1155950.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1385552.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1407952.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3383074.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\861318.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000037 403 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000047 858 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1058 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\116977 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\117970 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\118060 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1382 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1399 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1410 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1411 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\159294 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16176 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17040 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\180320 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\184591 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\18906 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22254 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\223385 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\224717 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\25789 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27414 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\28056 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\2843 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\286256 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29115 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\297534 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3048 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31980 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32290 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3338 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34107 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\341325 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34947 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35410 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\36247 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38333 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39245 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41115 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43142 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43377 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43906 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44458 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\447414 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\475788 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49700 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51495 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\561663 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\579123 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\57966 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58197 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\59234 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\618565 (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\k86.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\expmodule.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix log:

ComboFix 08-08-15.04 - Owner 2008-08-16 18:26:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.66 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\register.dat
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\zbucks.dat
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\X34LDHWX\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\X34LDHWX\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Cookies\owner@about[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.revsci[1].txt
C:\Documents and Settings\Owner\Cookies\owner@delb.opt.fimserve[1].txt
C:\Documents and Settings\Owner\Cookies\owner@demr.opt.fimserve[2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[1].txt
C:\Documents and Settings\Owner\Cookies\owner@myspace[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tracking.dsmmadvantage[1].txt
C:\Documents and Settings\Owner\Cookies\owner@walmart[2].txt
C:\Documents and Settings\Owner\Cookies\owner@web.checkm8[1].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-16 18:02 . 2008-08-16 18:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-16 18:01 . 2008-08-16 18:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 18:01 . 2008-08-16 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 18:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 18:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 11:18 . 2008-08-16 11:18 <DIR> d-------- C:\Deckard
2008-08-15 20:33 . 2008-08-15 20:33 27 --a------ C:\WINDOWS\sssTbarV2.ini
2008-08-15 19:34 . 2008-08-15 21:48 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-15 15:50 . 2008-08-15 15:50 73 --a------ C:\WINDOWS\st_affiliate.ini
2008-08-14 18:29 . 2008-08-14 18:29 <DIR> d-------- C:\VundoFix Backups
2008-08-14 14:05 . 2008-05-01 08:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 20:20 . 2008-08-13 20:20 <DIR> d-------- C:\Program Files\IObit
2008-08-13 19:52 . 2008-08-13 19:52 1,077,632 --a------ C:\RegCureSetup_1501_RW.exe
2008-08-10 21:13 . 2008-08-10 21:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-08-10 20:24 . 2008-08-10 20:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Digital Support
2008-08-10 20:23 . 2008-08-10 20:24 <DIR> d-------- C:\Program Files\Digital Support
2008-08-10 19:56 . 2008-08-10 19:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 09:49 . 2008-08-16 08:31 <DIR> d-------- C:\Program Files\Blubster Toolbar
2008-08-02 09:49 . 2008-08-02 09:49 231,258 --a------ C:\WINDOWS\Blubster_Toolbar_Uninstaller_8859.exe
2008-07-31 09:10 . 2008-07-31 09:10 268 --ah----- C:\sqmdata08.sqm
2008-07-31 09:10 . 2008-07-31 09:10 244 --ah----- C:\sqmnoopt07.sqm
2008-07-29 15:27 . 2008-08-06 20:14 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-07-26 13:57 . 2008-07-27 10:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-26 13:57 . 2008-07-26 13:57 0 --a------ C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-07-22 16:16 . 2008-07-22 16:16 <DIR> d-------- C:\NEW TEMP INTERNET FILES
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 15:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-08-16 15:18 --------- d-----w C:\Program Files\Blubster
2008-08-03 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 17:44 --------- d-----w C:\Program Files\Yahoo!
2008-07-31 23:25 --------- d-----w C:\Program Files\VideoLAN
2008-07-31 23:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-31 23:21 --------- d-----w C:\Program Files\Google
2008-07-25 16:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 02:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-07-06 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-06 23:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sandlot Games
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
------- Sigcheck -------
2003-07-16 14:49 22016 e931e0a2b8bf0019db902e98d03662cb C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-04 01:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-04 01:56 24576 7d5a28398f3ba2d9f33429d05d159b62 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 09:45 579584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 17:30 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 01:56 53760 C:\WINDOWS\system32\narrator.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-17 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2008-06-05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1210305984.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
2008-08-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-08-09 C:\WINDOWS\Tasks\WebReg 20080809104308.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 18:06]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe
Notify-stfilter - stfilter.dll

.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 -: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 18:30:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-16 18:34:08
ComboFix-quarantined-files.txt 2008-08-17 00:33:51
Pre-Run: 27,784,376,320 bytes free
Post-Run: 27,792,506,880 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
160 --- E O F --- 2008-08-16 09:03:38

Current HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:30 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} (Dogpile Toolbar) - http://www.dogpile.com/info.dogpl/tb...?ver=2.2.3.887
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1178491799437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178491760312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
--
End of file - 5829 bytes
Old 08-17-2008   #7
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Default Re: downloader.generic.7 trojan

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:




File::
C:\WINDOWS\st_affiliate.ini
C:\WINDOWS\sssTbarV2.ini
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\WINDOWS\system32\ngxt.bin

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe.


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
My real name is Eddy
Pancake is offline   Reply With Quote
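Because the reply above warns that the script must not be altered, a saved CFScript.txt can be compared against the posted text before it is dragged onto ComboFix.exe. The following is an added example, not part of the original post and not ComboFix code; it assumes a CFScript is a `Name::` header line followed by one entry per line, as in the posted block, and `parse_cfscript` and `check_saved_script` are hypothetical helper names.

```python
import re

# The script exactly as posted in the reply above.
POSTED = r"""File::
C:\WINDOWS\st_affiliate.ini
C:\WINDOWS\sssTbarV2.ini
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\WINDOWS\system32\ngxt.bin
"""

# Assumed layout, taken from the posted block: a "Name::" header line
# followed by one entry per line.
DIRECTIVE = re.compile(r"^[A-Za-z]+::$")
# File:: entries must be absolute paths with no wildcard or reserved characters.
ABS_PATH = re.compile(r'^[A-Za-z]:\\[^*?"<>|]+$')


def parse_cfscript(text):
    """Return {directive: [entries]}, tolerating a BOM, CRLF and blank lines."""
    sections, current = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line:
            continue
        if DIRECTIVE.match(line):
            current = sections.setdefault(line, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line}")
        else:
            current.append(line)
    return sections


def check_saved_script(saved_text, posted_text=POSTED):
    """List every way the saved CFScript.txt differs from the posted script."""
    try:
        saved = parse_cfscript(saved_text)
    except ValueError as exc:
        return [str(exc)]
    posted = parse_cfscript(posted_text)
    problems = []
    for name in sorted(set(saved) | set(posted)):
        want, have = posted.get(name, []), saved.get(name, [])
        problems += [f"{name} entry missing: {p}" for p in want if p not in have]
        problems += [f"{name} entry not in posted script: {p}" for p in have if p not in want]
        if name == "File::":
            problems += [f"not an absolute path: {p}" for p in have if not ABS_PATH.match(p)]
    return problems
```

An empty list means the saved file carries the same directive and entries as the posted script; differences in line endings, a leading byte-order mark or blank lines are ignored.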
