Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

various errors pop ups, symantec alerts


  • This topic is locked This topic is locked

#1
rwbj

rwbj

    New Member

  • Member
  • Pip
  • 6 posts
Hi,

I have been asked to look at this notebook for a friend. Her kids use it all the time and are probably less than discreet in what they download. It came up with loads of popups yesterday and the day before but I did not see them nor do I have a coherent description of them!
Looking in the symantec logs, there are numerous entries for files trying to access several files such as:

Event Details:
Time: 5/17/2008 9:18:11 PM
Actor: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1112)
Target: C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE
Action: Unauthorized access
Reaction: Unauthorized access stopped

I have heard good things ablout you guys and hijack this so here is my logfile.

TIA
RWBJ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:56 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\WINDOWS\regedit.exe
C:\DOCUME~1\kayt\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis[1].zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C7E5177E9FAD6C2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.275.0\HostIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.275.0\HostIE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.275.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.275.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe -nogui
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservice...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservice...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13594 bytes
  • 0

Advertisements


#2
ourwilly

ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello rwbj

Before we can use "HijackThis" You must place this into it's own folder, If we ever need to restore any Item then this folder will safely store all entries and enable us to then use the "Back-up" feature that HijackThis offers

Create a New Folder HijackThis on the C: drive,

Open My Computer ( Windows key + E )
then double click on Local Disk (C:)
Once open right click and select New > Folder and Name the folder as you wish (eg: HijackThis)
Please now move HijackThis.exe into the new folder.


Go to Start > Control Panel > Add or Remove Programs and uninstall the following (if present):

Seekmo
Seekmo Search Assistant



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

  • 0

#3
rwbj

rwbj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Thanks for the advise. I have followed your instructions and attached the new files.

Many Thanks,

BJ

SDFix report.txt attached:
HijackThis log to follow:


SDFix: Version 1.184
Run by kayt on Tue 05/20/2008 at 08:38 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdf9x\SDFix

Checking Services :

Name :
tcpsr
TCI20

Path :
\??\C:\WINDOWS\System32\drivers\tcpsr.sys
System32\Drivers\Tci20.sys

tcpsr - Deleted
TCI20 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage

Rebooting

Service TCI20 - Deleted

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CBOCR.DLL - Deleted
C:\DOCUME~1\kayt\LOCALS~1\Temp\zfe1.exe - Deleted
C:\DOCUME~1\kayt\LOCALS~1\Temp\zfe2.exe - Deleted
C:\DOCUME~1\kayt\LOCALS~1\Temp\zfe3.exe - Deleted
C:\DOCUME~1\kayt\LOCALS~1\Temp\zfe4.exe - Deleted
C:\DOCUME~1\kayt\LOCALS~1\Temp\zfe5.exe - Deleted
C:\DOCUME~1\kayt\LOCALS~1\Temp\zfe9.exe - Deleted
C:\Documents and Settings\kayt\Favorites\Online Security Test.url - Deleted
C:\WINDOWS\admintxt.txt - Deleted
C:\WINDOWS\system32\WinNt32.dll - Deleted
C:\WINDOWS\system32\drivers\TCI20.sys - Deleted



Folder C:\WINDOWS\system32\403445 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 20:53:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000cbf01427d]
"001247b97b18"=hex:b2,51,94,a3,14,c3,1f,91,eb,98,29,02,e3,c1,5f,11
"0015d3080121"=hex:12,2d,f8,d8,41,e4,8a,be,1c,9e,27,cd,32,80,09,a6
"001262ad646e"=hex:4b,47,68,a8,8a,d8,44,ba,68,d3,e2,a9,78,07,3f,80
"001ca411cb4e"=hex:6f,74,38,b4,8c,2c,f1,c5,89,ff,8c,d2,d6,78,b3,8c
"001b5911d11b"=hex:f8,44,fc,3d,25,1d,5a,e4,04,2b,38,78,69,f5,fc,5a
"0016209b1676"=hex:ea,fe,15,d0,2d,e0,77,4c,4e,b9,63,81,6a,bf,c5,a3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000cbf01427d]
"001247b97b18"=hex:b2,51,94,a3,14,c3,1f,91,eb,98,29,02,e3,c1,5f,11
"0015d3080121"=hex:12,2d,f8,d8,41,e4,8a,be,1c,9e,27,cd,32,80,09,a6
"001262ad646e"=hex:4b,47,68,a8,8a,d8,44,ba,68,d3,e2,a9,78,07,3f,80
"001ca411cb4e"=hex:6f,74,38,b4,8c,2c,f1,c5,89,ff,8c,d2,d6,78,b3,8c
"001b5911d11b"=hex:f8,44,fc,3d,25,1d,5a,e4,04,2b,38,78,69,f5,fc,5a
"0016209b1676"=hex:ea,fe,15,d0,2d,e0,77,4c,4e,b9,63,81,6a,bf,c5,a3

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :

TCI20



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WildTangent\\Blasterball 2\\BB2.exe"="C:\\Program Files\\WildTangent\\Blasterball 2\\BB2.exe:*:Enabled:BB2"
"C:\\Program Files\\MSN Messenger\\msrr.exe"="C:\\Program Files\\MSN Messenger\\msrr.exe:*:Disabled:Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\iVisit\\iVisit.exe"="C:\\Program Files\\iVisit\\iVisit.exe:*:Disabled: iVisit "
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\sdf9x\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 7 Feb 2007 5,297,976 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 7 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 25 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT7.tmp"

Finished!



HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:46 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HiJackThis.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSAUTORN.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C7E5177E9FAD6C2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.275.0\HostIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.275.0\HostIE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.275.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.275.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12974 bytes

Kind Regards,

BJ
  • 0

#4
ourwilly

ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello rwbj

Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: Seekmo /fleok=1D8A83A5C7E5177E9FAD6C2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.275.0\HostIE.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.275.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.275.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.275.0\SeekmoSA.exe"
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll (file missing)

Close all other open windows and click on Fix checked, then exit HijackThis.


Right-click and Delete this bold folder:
C:\Program Files\Seekmo

-----------------------------

Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
http://www.majorgeek...ware_d5756.html
http://www.besttechi.../mbam-setup.exe

Once downloaded, close all programs and Windows on your computer (including this one.)
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.

On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results.
Make sure all entries have a checkmark at their far left.
Click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs' quarantine.

When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then do a File, Save and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.

Please post the MBAM results and a new HijackThis log.
  • 0

#5
rwbj

rwbj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

MBAM log attached as well as a new Hijackthis log.
I could not delete the seekmo directory as it wasnt there to delete. (I have hidden files/dirs visable, it just aint there!)

MBAM Log:
Scan type: Quick Scan
Objects scanned: 58661
Time elapsed: 2 hour(s), 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 129
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 1911

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{995e885e-3ff5-4f66-a107-8bfb3a0f8f12} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fbb40fdf-b715-4342-ab82-244ecc66e979} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware368 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.MFC\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.CRT\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\eskin (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\IESkins (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOL (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\2 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\DownLoad (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOL\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOL\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic\344stat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static\1 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static\2 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte10_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte11_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte12_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte13_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte14_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte19_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte20_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte21_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte9_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030203lib_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102angel_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigluf_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102birthday_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102cheers_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102flo_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102good_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102jump_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102king_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102lough_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102luf_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102smiled_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102smile_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102sor_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102thanx_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102uhu_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\040103ahh_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\040103wow_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\040104_emi2_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\042102_1134_112_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103big_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103gig_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103hm_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103norm_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema15_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema16_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema17_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema18_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema19_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema20_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema21_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema24_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema25_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema26_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema30_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema33_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema34_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\062802hippi_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\062802jumpie_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\080402argh_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\080402oops_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\080402ouch_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\082502no_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\082502yes_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_boring1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_confused_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_fantastic_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_feel_better_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_gimme_break_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_heehee_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_hlopaet_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_ign_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_lol_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_no_comment_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_peace_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_smashing_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\blocked.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\blocked2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_add-but.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_back-but.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\business_promo.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\buttondir.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\components.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css2_main.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css2_pagingmodule.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css2_topbuttons.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css_cattree.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css_flashpreview.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\cursors.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\delete.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\edit_clear_sound.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\edit_fs.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\edit_select.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-543450.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-548964.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-589306.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-591943.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-592579.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-598579.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-603763.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9595.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9696.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511745-514279.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-bcards.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-ecards.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-emoticons.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-estationery.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-funny.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-help.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-images.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-info.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-more.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-my.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new2.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-options.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-people.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-photo.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-tell.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-temp.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-text.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-voice.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-premium-email-premium.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-t1-bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-temp-bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\estatationery.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\flashpatch.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\flashpreview.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\fs3.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\hotbar_promo.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_checked_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_preview.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_send.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_flash_preview.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_recently_used.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_sand-clock2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tree_null.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout4.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_corner_left.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_local_logo.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_basetemplate.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbgroups.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobject3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobjectset3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hotbarwrapper.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_texts3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_xmltree3nf.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\layout.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\linkpathlegal.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\n.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_bb_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_b_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_ff_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_f_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\progress.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\sales_buttons.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\searchbtn.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\seekmo_btn.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\submit.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bg.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bga.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bgia.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_l.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_la.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_lia.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_r.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ra.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ria.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_animations.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_backgrounds.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_ecards.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_emoticons.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_notifiers.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_text.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tree_dots.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tree_minus.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tree_plus.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte10_prv.gif (AdWare.Agent) -> Quarantined and deleted suc
  • 0

#6
rwbj

rwbj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

MBAM log attached as well as a new Hijackthis log.
I could not delete the seekmo directory as it wasnt there to delete. (I have hidden files/dirs visable, it just aint there!)

MBAM Log:
Scan type: Quick Scan
Objects scanned: 58661
Time elapsed: 2 hour(s), 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 129
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 1911

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{995e885e-3ff5-4f66-a107-8bfb3a0f8f12} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fbb40fdf-b715-4342-ab82-244ecc66e979} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware368 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.MFC\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.CRT\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\eskin (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\IESkins (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOL (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\2 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\DownLoad (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOL\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOL\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic\344stat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static\1 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static\2 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte10_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte11_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte12_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte13_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte14_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte19_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte20_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte21_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte9_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\030203lib_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102angel_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigluf_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102birthday_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102cheers_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102flo_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102good_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102jump_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102king_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102lough_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102luf_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102smiled_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102smile_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102sor_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102thanx_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\033102uhu_1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\040103ahh_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\040103wow_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\040104_emi2_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\042102_1134_112_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103big_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103gig_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103hm_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\050103norm_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema15_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema16_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema17_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema18_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema19_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema20_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema21_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema24_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema25_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema26_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema30_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema33_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\060104_ema34_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\062802hippi_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\062802jumpie_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\080402argh_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\080402oops_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\080402ouch_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\082502no_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\082502yes_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_boring1_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_confused_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_fantastic_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_feel_better_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_gimme_break_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_heehee_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_hlopaet_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_ign_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_lol_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_no_comment_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_peace_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_smashing_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\blocked.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\blocked2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_sm2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\block_smli2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_add-but.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_back-but.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_left_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_middle_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_enabled_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\btn_right_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\business_promo.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\buttondir.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\components.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css2_main.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css2_pagingmodule.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css2_topbuttons.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css_cattree.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\css_flashpreview.css (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\cursors.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\delete.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\edit_clear_sound.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\edit_fs.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\edit_select.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-543450.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-548964.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-589306.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-591943.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-592579.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-598579.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-603763.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9595.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511724-9696.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-511745-514279.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-bcards.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-ecards.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-emoticons.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-estationery.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-funny.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-help.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-images.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-info.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-more.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-my.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-new2.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-options.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-people.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-photo.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-tell.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-temp.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-text.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def-email-voice.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-def.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-premium-email-premium.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-t1-bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\email-temp-bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\estatationery.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\flashpatch.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\flashpreview.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\fs3.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\hotbar_promo.htm (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_checked_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_close_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_preview.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_edit_send.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_flash_preview.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_recently_used.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_remove_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_sand-clock2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tell_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_tree_null.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_barlayout4.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_corner_left.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\img_local_logo.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_basetemplate.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbgroups.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobject3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hbobjectset3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_hotbarwrapper.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_texts3.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\js2_xmltree3nf.js (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\layout.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\linkpathlegal.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\n.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_bb_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_b_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_ff_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\nav_f_2.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\progress.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\sales_buttons.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\searchbtn.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\seekmo_btn.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\submit.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bg.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bga.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_bgia.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_l.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_la.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_lia.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_r.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ra.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tab_ria.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_animations.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_backgrounds.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_ecards.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_emoticons.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_notifiers.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\treedata_text.xml (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tree_dots.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tree_minus.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\1\tree_plus.gif (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kayt\Application Data\Seekmo\v3.0\HostOI\static\2\030104_emte10_prv.gif (AdWare.Agent) -> Quarantined and deleted suc
  • 0

#7
ourwilly

ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello rwbj

I could not delete the seekmo directory as it wasnt there to delete.

No problem, it looks like MBAM took care of a few things

Please post a fresh HijackThis log in your next reply
  • 0

#8
rwbj

rwbj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

I thought i had attached the logfle - anyway, looks like it got truncated - so here is a new copy!

Cheers,

BJ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:00 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\HijackThis\HiJackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12583 bytes
  • 0

#9
ourwilly

ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello rwbj

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Update Java:
Go here and download the latest version of Java Runtime Environment (JRE) 6 Update 6
http://java.sun.com/...loads/index.jsp
Go to Start > Control Panel double-click Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select any found and click Remove.
Then install the version you downloaded earlier.


Then please run the Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Posted Image
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Posted Image

  • Copy and paste the report in your next post and please let me know how your system is running

  • 0

#10
rwbj

rwbj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Kaspersky log attached. Java updated.

Things are running much better. Is there still likely to be more malware on here?

Cheers,

BJ

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 26, 2008 12:51:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/05/2008
Kaspersky Anti-Virus database records: 800225
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79067
Number of viruses found: 21
Number of infected objects: 130
Number of suspicious objects: 0
Duration of the scan process: 03:27:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.94.Crwl Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.94.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wsb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy49.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_54c.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Support\MPLog-05142008-121258.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\LiveUpdate\2008-05-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\11313F7F.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1151635B.tmp Infected: Trojan.Win32.Pakes.cww skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\117B16E7.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\11C0089C.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\17425B2A.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\17662903.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\18296224.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\184D2FFC.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1AFB77C5.exe Infected: Trojan-Downloader.Win32.Zlob.ldc skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1CF46123.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1D4250CD.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1F34086B.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1F894C0E.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1FA071F5.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1FAD19E6.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\22E42BD1.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\236A4EC1.tmp Infected: Backdoor.Win32.IRCBot.beb skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\250624B8.dll Infected: not-virus:Hoax.Win32.Agent.bv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\258F0821.dll Infected: not-virus:Hoax.Win32.Agent.bv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\25EE49B9.dll Infected: not-virus:Hoax.Win32.Agent.bv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\2622697F.dll Infected: not-virus:Hoax.Win32.Agent.bv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\2660073B.dll Infected: not-virus:Hoax.Win32.Agent.bv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\26643137.dll Infected: not-virus:Hoax.Win32.Agent.bv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\26675B34.dll Infected: not-virus:Hoax.Win32.Agent.bv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\2AB42E01.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\2AD227E1.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\34AB450A.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\34BE371D.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\34C56B7E.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\34D23CDF.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\34D566DC.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\34DC3AD5.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\36EA1ADA.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\371B55D0.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\3769457A.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\3A506A88.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\3CA66669.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\3E2F1E92.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\3E50426E.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40775340.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40B246FF.exe Infected: not-virus:Hoax.Win32.Renos.nc skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40BC44F4.exe Infected: not-virus:Hoax.Win32.Renos.nc skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40BF6EF0.EXE Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\40C218ED.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4458133E.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\44770941.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\44800B13.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\45B23E9F.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\45F05C5A.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\47FE3DC6.dll Infected: not-a-virus:AdWare.Win32.E404.am skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA15804.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4AC27BE0.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4D701EF9.dll Infected: Trojan-Downloader.Win32.Zlob.lcz skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\509A724C.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\50D23C0F.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\54EC6789.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\553866A3.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\57DE4A4A.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5BF23FD2.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5CA86F08.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5F0F7DFC.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\600D1FA0.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6068373C.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\606F0B35.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\607C3326.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6086311C.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\608C0514.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\616154FA.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6767757C.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\683B4075.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\69DE347C.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6D9728B6.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6DAE4E9D.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\70B77A8F.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\71863DF0.com Infected: Backdoor.Win32.IRCBot.bsg skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\72095A2C.exe Infected: not-a-virus:FraudTool.Win32.Errorsafe.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\73A02BBF.sys Infected: SpamTool.Win32.Agent.jn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\75457139.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\770930A6.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\78BF7DA4.dll Infected: Trojan-Downloader.Win32.Zlob.lfo skipped
C:\Documents and Settings\kayt\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\kayt\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kayt\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\kayt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kayt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kayt\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6E956CAE-2E61-4C7D-8448-01FD29BA84A8} Object is locked skipped
C:\Documents and Settings\kayt\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kayt\Local Settings\Temp\~DF4617.tmp Object is locked skipped
C:\Documents and Settings\kayt\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kayt\ntuser.dat Object is locked skipped
C:\Documents and Settings\kayt\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\player\Local Settings\Temp\Temporary Directory 2 for vtp5_5.zip\Vista Transformation Pack 5.5.exe/WISE0039.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\player\Local Settings\Temp\Temporary Directory 2 for vtp5_5.zip\Vista Transformation Pack 5.5.exe/WISE0058.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\player\Local Settings\Temp\Temporary Directory 2 for vtp5_5.zip\Vista Transformation Pack 5.5.exe/WISE0058.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\player\Local Settings\Temp\Temporary Directory 2 for vtp5_5.zip\Vista Transformation Pack 5.5.exe WiseSFX: infected - 3 skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0303NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0435NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{484F9A23-488B-490C-B8A9-BD4811E37D80}\RP10\A0005524.exe Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\System Volume Information\_restore{484F9A23-488B-490C-B8A9-BD4811E37D80}\RP5\A0003565.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\System Volume Information\_restore{484F9A23-488B-490C-B8A9-BD4811E37D80}\RP5\A0003771.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\System Volume Information\_restore{484F9A23-488B-490C-B8A9-BD4811E37D80}\RP5\A0003845.exe/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\System Volume Information\_restore{484F9A23-488B-490C-B8A9-BD4811E37D80}\RP5\A0003845.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP216\A0203270.exe Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP217\A0203360.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203429.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203436.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203443.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203448.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203460.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203465.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203474.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203483.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203488.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0203492.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\A0204492.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP218\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP219\A0204553.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP219\A0204560.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP220\A0204612.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0204642.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0204648.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0204651.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0205651.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0205662.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0205674.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0205698.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP223\A0206698.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206711.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206720.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206726.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206746.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206751.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206775.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206783.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206788.sys Infected: Trojan-Dropper.Win32.Agent.rek skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206798.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206811.dll Infected: Trojan-Downloader.Win32.Mutant.xe skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206813.exe Infected: Trojan-Downloader.Win32.Zlob.ldy skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206814.exe Infected: Trojan-Downloader.Win32.Zlob.ldy skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206815.exe Infected: Trojan-Downloader.Win32.Zlob.ldy skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP224\A0206816.exe Infected: Trojan-Downloader.Win32.Zlob.ldy skipped
C:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP242\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\FlyakiteOSX\Tools\pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{608EAA7B-8AA8-4D3B-8A18-3E5D8C61AB2B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{BF94D91C-D3A7-40F4-8853-85A353BDD84E}\RP89\A0018696.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.jn skipped
D:\System Volume Information\_restore{F31E2B0A-B3A3-4369-BD8F-9EA973AE93D0}\RP242\change.log Object is locked skipped

Scan process completed.
  • 0

#11
ourwilly

ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello rwbj

Glad things are running much better now.. :)

Please purge everything that has been quarantined by your Norton AntiVirus and also remove SDFix from your system, you no longer require this.

Download and Install CCleaner
http://www.ccleaner....ownloading-slim

Open CCleaner and select:
Cleaner > Analyze > Run Cleaner
Then close

Then please go to Start Programs > Accessories > System Tools > System Restore
Click Create A Restore Point then click Next. Give it a name it and then click Create

Click Start > Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.
  • 0

#12
ourwilly

ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
This Topic has been closed.

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP