ive recently been given a friends computer to "fix" because it is ridden with spyware and viruses to the point where windows wont even load. I have managaed to fix this (doing a repair install as there are several user accounts all of whom have data which they dont want to loose) and althought i can now get into windows the machine is still incredibly slow, it wont let me access the task manager (either from ctrl alt delete or run taskmgr it says that another application is using it) I have tried to install AVG virus scanner but the installation fails. Im just wondering if there is anything else i can try to sort this pc out with out resorting to reformatting completly, i can back up the data easily enough but didnt really want to have to go thorough the hassle of reinstalling windows, drivers, apps and then giving each user their files back as this would take forever. any other suggestions would be much appreciated.
Have you tried spybot search & destroy or other registry fixers?
I need to know whats running on the system.
Download a copy of HijackThis and save it to your desktop in a folder.
Do a scan and save the HijackThis logfile. Do not remove anything.
Post your log file here. Link to HijackThis:
http://www.majorgeeks.com/Trend_Micro_HijackThis_d5554.html
Myself, crunchie or another member will take a look and formulate a plan of attack for you!
HI Guys thanks for the response, NO i havent tried spy bot search and destroy.. would you reccomend that then? I have run hijack this and the log file is shown below so hopefully there will be some clues in there.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:49, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
C:\WINDOWS\system32\vsm.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\mrofinu1188.exe
C:\Documents and Settings\John\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\vrm.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\b152.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.targetedbanner.biz/bc/123kah.php
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\vsm.exe
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\John\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dc88373e] rundll32.exe "C:\WINDOWS\system32\fnqcwlvx.dll",b
O4 - HKLM\..\Run: [BMdfbb04a2] Rundll32.exe "C:\WINDOWS\system32\xegdaojm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184262861218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5872 bytes
Hello, bill. Let's start by getting Combofix to remove what it can.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Now clean...
=Uninstall mirar or getmirar.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
...and get AVG AS to get the remainder.
AVG - AS:
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file along with a fresh hijackthis log.
Edit: Ooops, sorry gerbil i didnt see you there.....please relate to gerbils post and ignore whats below as i cant delete my post! (he beat me to the button)
As zandiago suggests we will be running spybot at a later stage.
You have some rather nasty infections within your log so i need you to follow the below instructions as closely as possible please!
Also, I cant detect the presence a running Antivirus Scanner which means that you either dont have one installed, or the Malware that you have contracted has disabled it.
After the cleaning process is completed i recommend that you update your browser to IE7 at a minimum or use the latest from firefox. You also need to update your Java runtime enviroment.
Print out or copy this page to Notepad since you will CAN NOT have any of browsers open while you are fixing this and try to follow it as closely as possible taking it STEP by STEP.
Update your Antivirus program if your able to otherwise continue on,
Download Spybot Search and Destroy install it and UPDATE the program (Don’t run it yet).
http://www.safer-networking.org/en/mirrors/index.html
Download VundoFix.exe to your desktop. Ignore the AntiVirus warnings and download it anyway because you need to run it.... Wait on installation and running.
http://www.atribune.org/ccount/click.php?id=4
Download CleanUp and install it. Wait on installation and running.
http://www.stevengould.org/downloads/cleanup/CleanUp452.exe
Download following program CWSHREDDER. Wait on installation and running
http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe
Download About:Buster and save it to your desktop. When it has finished downloading, unzip the folder to your desktop as well. You should now be left with an aboutbuster folder on your desktop.Wait on installation and running.
http://www.malwarebytes.org/AboutBuster.zip
I would also recommentd that you download CCleaner. It is a great little program that I use every time I close my browser to get rid of temporary files. I usually just run the cleaner part every time I'm done with the browser.During the install there will be check marks for checking for updates which you should do.....Dont install the toolbars unless you want them so you can uncheck these boxes.
It is a very safe program and it is free.(CCleaner Quick Setup: Go to > Options > Advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours" as this will help in cleaning malware that may be hiding in your temp files etc)
_______________________________________________________________________
Now make sure no OS files are hidden.
To do this:
For XP go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
For Vista go to the Control Panel->Appearance and Personalization
Under the Folder Options, click Show Hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
You may change the above options back after your log is clean.
Turn off system restore.
Steps to turn off System Restore for XP
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.
Steps to turn off System Restore for Vista:
1. Control Panel -> System Maintenance -> Back Up and Restore Center
2. On the right column, click on "create a restore point or change settings" (this requires administrator's password if set)
3. Uncheck all drives.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.
Do all steps below in safe mode except for at the end when you generate a new HiJackThis log
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
Please right click the HiJackThis.exe file that you run to do a scan, and rename it to Digitalfix.exe. Run Digitalfix.exe and click "Scan". Place checks next to the following entries if still present in the code and close all browser and other windows except for HijackThis, and click "Fix Checked". (We rename the HiJackThis executable because some forms of malware are capable of hiding themselves when they see it).
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.targetedbanner.biz/bc/123kah.php
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF 968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\John\svchost.exe
O4 - HKCU..Run: [JavaCore] C:Program Files\JavaCore\JavaCore.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
Run your Antivirus and do a full scan.....Remember this is all in safe mode.
Run Spybot Search and Destroy and do a full scan remember this is all in safe mode.
Open Cleanup by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Only Check the following for now:
-Empty Recycle Bins
-Delete Cookies
-Delete Prefetch Files
-Clean up All Users
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
*Press the Temporary Files Tab and check.
-Scan drives for files matching
Click OK
Press the CleanUp button to start the program. Reboot/logoff when prompted.
Note: CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup or MOVE THEM out of the Temp folder before running CleanUp
If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.
Install and run CWSHREDDER
Close all browser windows, open cwshredder.exe then click "Fix" and let it run.
Double-click on the AbouBuster.exe icon.
Click Begin scan. Close when completed.
It is advised that you run the AboutBuster twice in a row to make sure you get all the infections.
_____________________________________________________________
NOTE For AboutBuster: If you recieve the error"Run-time error '339': Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid".
Download and run this file http://www.spywareinfo.com/downloads/tools...ngfilesetup.exe
_____________________________________________________________
Double-click VundoFix.exe to run it(Do this a few times until nothing shows up)
Then install CCleaner but note it installs the Yahoo Toolbar as an option which IS check marked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option.
Before first use, select Options > Advanced and UNCHECK 'Only delete files in Windows Temp folder older than 48 hours'
Then select the items you wish to clean up.
In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.
In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.
Click the "Run Cleaner" button.
A pop-up box will appear advising this process will permanently delete files from your system.
Click "OK" and it will scan and clean your system.
Click the "Issues" button.
Click the "Scan For Issues" button.
Click the "Fix Selected Issues" button.
Click the "Fix All Selected Issues" button.
Click "OK"
Click "Close" when done.
REBOOT in normal mode and turn on System Restore.
Steps to turn on System Restore For XP:
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.
After a few moments, the System Properties dialog box closes.
To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.
In the System Restore wizard, select Create a restore point and click the Next button.
Type a name for your new restore point then click on Create.
To create a Restore point for Vista:
1.Control Panel – System Maintenance – Back Up and Restore Center. On the right column, click on "Create A Restore Point Or Change Settings" (This requires Administrator's password if set.) Put a check on the drive your OS is on. Then click on the Create button. Type in a name and then click OK.
Do another scan with Digitalfix.exe in normal windows mode and post your new log file here for final verification. Make sure it is a new log file.
Also let us know how the systems overall condition is now.
I was just a bit bored with work so I jumped in, dls... :)
To delete I usually just edit to a point, a dot.
No matter, anyway... bill can pick n choose.
guys thanks for the advice i started following gerbils advice but not had much luck as the system appears to be locked down by whatever virus etc is on it. When i try to run combofix I get the error Windows cannot find regedit.. Ive attached screenshots for reference.
I tried to run regedit manually from run but recieve the error - another program is using this file.
I managed to run Ccleaner which appeared to clear out a lot of things. and finally i tried to install AVG but it wouldn't let me do so, again Ive attached the error.. i think the system is screwed, but imj happy/willing to try any further advice if anyone can give it?
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Make sure that you restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post new HJT log.
ok, Ive followed your advice crunchie and that seems to have sorted out a lot of the problems.. i can now access task manager etc etc.. ive also been able to install ccleaner and AVG and run those to remove more nasties, i have attached logs for both malware bytes and a new hijack this log, not sure if there are any more problems lurking but using a combination of these softwares appears to have stripped out most of them. but if you could just have alook for me it would be much appreciated as i can then give this pc back to my friend, hopefully infection free.
****** Malware bytes log***********
Malwarebytes' Anti-Malware 1.11
Database version: 717
Scan type: Full Scan (C:\|)
Objects scanned: 184465
Time elapsed: 2 hour(s), 1 minute(s), 7 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 50
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 56
Files Infected: 571
Memory Processes Infected:
C:\WINDOWS\mrofinu1188.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\John\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\jqhsilhj.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c266d90-0e34-422c-8a6f-2c7b5d591981} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c266d90-0e34-422c-8a6f-2c7b5d591981} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cfcec0a5-e1da-4049-bdb6-8b461e7e1bf3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2386c4d3-e53a-4fd6-952b-89cbca337c83} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\quantic.plug (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\quantic.plug.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcdulfu (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3cab59b4-55a3-4737-9fd5-b93c6430bf75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cab59b4-55a3-4737-9fd5-b93c6430bf75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\POSTSETUPCHECK (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dc88373e (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdeukb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdeukb -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nui4 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\IESkins (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\HostOI (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\HostOL (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\HostOI\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\HostOI\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\HostOL\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\HostOL\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\IESkins (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\HostOI (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\HostOL (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\HostOI\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\HostOI\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\HostOL\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\HostOL\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo\static\1 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo\static\2 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (AdWare.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\jqhsilhj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jhlishqj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdEUKB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BKUEdMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BKUEdMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atgban.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcDULFU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xfgnrqnr.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Seekmo\bin\10.0.314.0\InstIE.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\213QL5K1\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8388A805-DEFF-417B-BB55-47C2D9C6D44A}\RP9\A0001120.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\HostOE.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSAAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSADF.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf_update.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Reset Cursor.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo\Seekmo Uninstall Instructions.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1067059.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1067625.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1356478.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\135785.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1384213.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1385287.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1387544.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1398675.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\1416352.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\2441192.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\2877885.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\2880685.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\2893787.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\2894846.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\2903339.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\2904133.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3692562.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3692566.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3693233.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3693234.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3757861.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3757878.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3779905.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3779909.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3782412.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3786194.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852203.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\3859864.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\499863.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\965522.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000030162 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\100848 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\10110 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\10157 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\10807 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\116250 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\117970 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\11891 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\12457 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\12772 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\12776 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\14271 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15040 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15090 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15135 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15198 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\153363 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15622 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15643 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15649 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\158839 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\159294 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\161965 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\163195 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16725 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\168167 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17025 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17040 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\184591 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\18906 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\19052 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\2021 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20392 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20478 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\204988 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20524 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21215 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\213260 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21846 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21889 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23923 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\241510 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24625 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\25372 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26656 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27505 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\28812 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29115 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29538 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29539 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29547 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\30823 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34107 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34237 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34374 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34513 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\345485 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\349801 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35000 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35006 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35047 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35062 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\361427 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41584 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42208 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43747 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44228 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44279 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44293 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44306 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44878 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44915 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\454802 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\455641 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45833 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\471072 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\477109 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\477253 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\481176 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49587 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51495 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51666 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52253 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\530292 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\541369 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54469 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\578150 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\58197 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\591948 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\62133 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64402 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64404 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64429 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64502 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\662061 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66836 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66851 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\68942 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\69201 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\702283 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\70608 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\70907 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\737665 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\738022 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\73840 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\743203 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744758 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744819 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744987 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745434 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745751 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745838 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\748176 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\748372 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\751223 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\751242 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\7521 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753090 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753250 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79246 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\79432 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\83298 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\83463 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86379 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90371 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\9313 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93568 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93921 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93958 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\94407 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\94740 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\9770 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\3598.dat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans.idx (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hotbarcom.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Mails.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_1000.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_2000.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_3000.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bar.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bbar1.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_logos.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_other.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_weather.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-548964.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\icons2.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\linkpathlegal.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\progress.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\s_icons_buttons.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\t2_bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans.idx (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\icons2.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\progress.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\theweb.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jamie\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip (AdWare.Agent) ->
sorry, just realised that the last post is a bit of an information overload , Ive pasted the hijack this log below and attached the log from malware bytes in a word doc as its probably easier to digest like that!!
*** hijack this log****
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:20, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.targetedbanner.biz/bc/123kah.php
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184262861218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5837 bytes
any suggestions would be much appreciated... also id like to find out more about how to identify "nasties" when looking at a hijack this log so any advice on how to learn more would be good too.
Malwarebytes' Anti-Malware 1.11
Database version: 717
Scan type: Full Scan (C:\|)
Objects scanned: 184465
Time elapsed: 2 hour(s), 1 minute(s), 7 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 50
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 56
Files Infected: 571
Memory Processes Infected:
C:\WINDOWS\mrofinu1188.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\John\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\jqhsilhj.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c266d90-0e34-422c-8a6f-2c7b5d591981} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c266d90-0e34-422c-8a6f-2c7b5d591981} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cfcec0a5-e1da-4049-bdb6-8b461e7e1bf3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2386c4d3-e53a-4fd6-952b-89cbca337c83} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\quantic.plug (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16b435f6-b6ce-4f24-a568-944b27ed919c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\quantic.plug.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcdulfu (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3cab59b4-55a3-4737-9fd5-b93c6430bf75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cab59b4-55a3-4737-9fd5-b93c6430bf75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\POSTSETUPCHECK (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dc88373e (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdeukb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomdeukb -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.314.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nui4 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Docu
Can you please do the following.
===============
Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.
- Open Windows Defender
- Click Tools
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection (recommended)
- After you uncheck this, click on the Save button
- Close Windows Defender
===============
Scan with HijackThis and then place a check next to all the following, if present:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.targetedbanner.biz/bc/123kah.php
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Regi...18/flashax.cab
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
thanks for the advice, ive done as you said and downloaded and installed as suggested and the hijack this log is below, the machine is now running as it should do much more responsive, thanks again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:36, on 06/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.targetedbanner.biz/bc/123kah.php
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184262861218
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5226 bytes
Fix up that R1 entry again and you should be good to go :).
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.