Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do i remove these


  • Please log in to reply
38 replies to this topic

#1 grimness

grimness

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 18 January 2010 - 12:57 AM

It seems like anytime I open up either Internet Explorer or Firefox search engines I get alot of pop ups from CiD and other website.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 22:28:54.70 on 17/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.409 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYCA&fl=0&ptb=EEVq8jdMj1FdD8aHnaMuHw&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
uURLSearchHooks: H - No File
mURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: {598dfdf9-a7aa-4522-b1e6-a34d9d439d01}: {10d934d9-d43a-6e1b-2254-aa7a9fdfd895}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
BHO: {82bce4b1-932f-419d-83ab-4630c952e137} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {B6A472AC-D042-46BF-A354-FC26C82FDE17} - No File
{cd8dccaa-5e29-4e1e-ace5-4dbb130cc892}
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [My Web Search Community Tools] "c:\program files\mywebsearch\bar\1.bin\m3IMPipe.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [9c3049eb] rundll32.exe "c:\windows\system32\akoblvlh.dll",b
mRun: [poke mp3 cdrom meta] c:\documents and settings\all users\application data\jump poll poke mp3\Proxy cdrom.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\hewlett-packard\compaq organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm128YYCA
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: faul592 - faul592.dll
Notify: opnkJdba - opnkJdba.dll
AppInit_DLLs: lurflz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqRHwWM

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\ijkx4sed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2010-1-11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2010-1-11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2010-1-11 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100116.002\IDSXpx86.sys [2010-1-17 329592]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2010-1-11 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-9 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.019\NAVENG.SYS [2010-1-17 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.019\NAVEX15.SYS [2010-1-17 1323568]

=============== Created Last 30 ================

2010-01-12 23:16:17 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 20:26:07 0 d-----w- c:\windows\system32\N360_BACKUP
2010-01-09 20:19:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-01-09 20:19:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-01-09 20:19:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-09 20:19:04 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-09 20:19:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-09 20:19:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-09 20:19:04 0 d-----w- c:\program files\Symantec
2010-01-09 20:18:24 0 d-----w- c:\windows\system32\drivers\N360
2010-01-09 20:18:17 0 d-----w- c:\program files\Norton 360
2010-01-09 20:18:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-09 20:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-01-09 20:12:08 0 d-----w- c:\program files\NortonInstaller
2010-01-09 20:12:08 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-01-18 04:54:30 3649 ----a-w- c:\windows\viassary-hp.reg
2010-01-11 23:13:34 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-11 23:13:34 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2007-10-24 03:17:40 6480 --sha-w- c:\windows\system32\edeeg.bak1
2007-10-24 20:31:53 6480 --sha-w- c:\windows\system32\edeeg.bak2
2007-09-27 21:39:13 15058 --sha-w- c:\windows\system32\gjkkj.bak1
2007-09-29 19:51:11 24299 --sha-w- c:\windows\system32\gjkkj.bak2
2007-09-30 18:17:06 6480 --sha-w- c:\windows\system32\ijkkj.bak1
2007-09-30 15:52:03 6480 --sha-w- c:\windows\system32\llnmp.bak1
2009-01-22 02:49:34 32468 --sha-w- c:\windows\system32\MWwHRqru.ini2
2007-09-29 18:08:29 6440 --sha-w- c:\windows\system32\nnnmp.bak1
2007-10-26 01:08:11 6440 --sha-w- c:\windows\system32\oqstv.bak1
2007-12-14 23:49:55 117423 --sha-w- c:\windows\system32\xycdd.bak1
2008-01-13 18:44:22 319198 --sha-w- c:\windows\system32\xycdd.bak2
2008-11-10 23:08:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 22:29:36.84 ===============



Attached Files



BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:59 AM

Posted 23 January 2010 - 12:43 AM

Hello grimness,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh DDS log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 24 January 2010 - 08:54 PM

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
McAfee Security Scan
``````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#4 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 24 January 2010 - 11:41 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3631
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

24/01/2010 9:31:04 PM
mbam-log-2010-01-24 (21-31-04).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 213586
Time elapsed: 2 hour(s), 11 minute(s), 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 215
Registry Values Infected: 15
Registry Data Items Infected: 0
Folders Infected: 48
Files Infected: 368

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c3049eb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search community tools (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\eskin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\IESkins (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOI (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOI\dynamic (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOI\static (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOI\static\1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOI\static\DownLoad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOL\dynamic (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOL\static (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOL\static\1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOL\static\2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\HostOL\static\DownLoad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Trojan.Agent) -> Files: 480 -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\MSNBackgrounds (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP821\A0198966.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\eskin\empty_bg_st.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\eskin\FileManager.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1055531.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1055580.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1055604.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1057928.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1064372.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1065003.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1066422.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1066483.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1066790.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1067625.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1076934.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1160584.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1165913.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1168802.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1224397.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\126826.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1271868.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383582.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383747.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1384364.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1384900.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1385437.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1386779.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1388595.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1393042.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1395210.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1399672.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1402430.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1402706.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1403453.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1405661.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\153438.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\158093.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\16595.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1750000.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1824149.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\1930870.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2208948.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2221934.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2709152.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2763070.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\287322.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2883915.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884334.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2884801.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2885061.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2885069.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2899584.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\2904096.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3251388.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3251993.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3340762.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3419267.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3422683.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3423420.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3442551.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3702929.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3720784.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3720900.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3732170.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3781281.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\382034.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852201.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852297.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3868101.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893180.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893205.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893245.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\475389.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\528897.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\600801.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\737654.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\790243.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\803901.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\805478.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\819382.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\820426.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\890068.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\948597.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\980657.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\997191.sdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\f805.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans.idx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hotbarcom.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Mails.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_1000.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_2000.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_3000.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bar.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bbar1.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_logos.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_other.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_weather.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-548964.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\icons2.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\linkpathlegal.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\progress.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\s_icons_buttons.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\t2_bg.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans.idx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\icons2.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\progress.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\theweb.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00101399.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00017308 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000C8E6A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000E9C4B (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000EA062.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000EA2A4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000EA3EC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000EA534.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000EA757.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0061F322.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0061F47A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0062016A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\006202A3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\006204A6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00AC9093 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\014AC82D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01A7A34B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01B01528 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\029366D2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03FBB25B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03FBB6C0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03FBB8D4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjkkj.bak1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjkkj.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xycdd.bak1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xycdd.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:59 AM

Posted 24 January 2010 - 11:46 PM

Download SUPERantispyware
  • Load SUPERantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log to this thread.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 24 January 2010 - 11:47 PM


DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 21:44:16.65 on 24/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.326 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYCA&fl=0&ptb=EEVq8jdMj1FdD8aHnaMuHw&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {598dfdf9-a7aa-4522-b1e6-a34d9d439d01}: {10d934d9-d43a-6e1b-2254-aa7a9fdfd895}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: {82bce4b1-932f-419d-83ab-4630c952e137} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {B6A472AC-D042-46BF-A354-FC26C82FDE17} - No File
{cd8dccaa-5e29-4e1e-ace5-4dbb130cc892}
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [poke mp3 cdrom meta] c:\documents and settings\all users\application data\jump poll poke mp3\Proxy cdrom.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\hewlett-packard\compaq organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: faul592 - faul592.dll
Notify: opnkJdba - opnkJdba.dll
AppInit_DLLs: lurflz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqRHwWM

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\ijkx4sed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2010-1-11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2010-1-11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2010-1-11 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100119.001\IDSXpx86.sys [2010-1-19 329592]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2010-1-11 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-9 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100124.021\NAVENG.SYS [2010-1-24 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100124.021\NAVEX15.SYS [2010-1-24 1323568]

=============== Created Last 30 ================

2010-01-25 01:56:27 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-01-25 01:56:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 01:56:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 01:56:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 01:56:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 03:12:31 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-01-20 03:12:29 0 d-----w- c:\program files\McAfee Security Scan
2010-01-12 23:16:17 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 20:26:07 0 d-----w- c:\windows\system32\N360_BACKUP
2010-01-09 20:19:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-01-09 20:19:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-01-09 20:19:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-09 20:19:04 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-09 20:19:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-09 20:19:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-09 20:19:04 0 d-----w- c:\program files\Symantec
2010-01-09 20:18:24 0 d-----w- c:\windows\system32\drivers\N360
2010-01-09 20:18:17 0 d-----w- c:\program files\Norton 360
2010-01-09 20:18:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-09 20:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-01-09 20:12:08 0 d-----w- c:\program files\NortonInstaller
2010-01-09 20:12:08 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-01-25 04:34:07 3649 ----a-w- c:\windows\viassary-hp.reg
2010-01-11 23:13:34 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-11 23:13:34 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2007-10-24 03:17:40 6480 --sha-w- c:\windows\system32\edeeg.bak1
2007-10-24 20:31:53 6480 --sha-w- c:\windows\system32\edeeg.bak2
2007-09-29 19:51:11 24299 --sha-w- c:\windows\system32\gjkkj.bak2
2007-09-30 18:17:06 6480 --sha-w- c:\windows\system32\ijkkj.bak1
2007-09-30 15:52:03 6480 --sha-w- c:\windows\system32\llnmp.bak1
2009-01-22 02:49:34 32468 --sha-w- c:\windows\system32\MWwHRqru.ini2
2007-09-29 18:08:29 6440 --sha-w- c:\windows\system32\nnnmp.bak1
2007-10-26 01:08:11 6440 --sha-w- c:\windows\system32\oqstv.bak1
2008-01-13 18:44:22 319198 --sha-w- c:\windows\system32\xycdd.bak2
2008-11-10 23:08:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 21:45:03.81 ===============

#7 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:59 AM

Posted 25 January 2010 - 12:16 AM



Did you see my previous post? (Post #5)
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 25 January 2010 - 08:42 PM

Yeah i didnt see your post was trying to put DDS log on reply at the time DL other thing now

#9 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:59 AM

Posted 25 January 2010 - 09:44 PM



Yes, that is what I thought; its called "cross posting".

Post the SUPERantispware log when it is finished and we will continute. smile.gif


If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 26 January 2010 - 01:53 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/25/2010 at 07:44 PM

Application Version : 4.33.1000

Core Rules Database Version : 4517
Trace Rules Database Version: 2329

Scan type : Complete Scan
Total Scan Time : 00:55:35

Memory items scanned : 645
Memory threats detected : 0
Registry items scanned : 5814
Registry threats detected : 46
File items scanned : 29578
File threats detected : 72

Adware.MyWebSearch
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pointroll[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.mktrack[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@da-tracking[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@partyaccount[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@elitemate[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.ad4game[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediatraffic[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adcentriconline[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media6degrees[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.bootcampmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@himedia.individuad[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@breakmedia.checkm8[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@server.cpmstar[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.wsod[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@densebanner335[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mywebsearch[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@secure.partyaccount[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@precisionclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@slaysbanner691[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.socialtrack[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@popularscreensavers[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.gamesbannernet[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@interclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@collective-media[1].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-3192097539-2679383957-3083071341-1009\SOFTWARE\FunWebProducts
HKU\.DEFAULT\SOFTWARE\MyWebSearch
HKU\S-1-5-18\SOFTWARE\MyWebSearch
C:\PROGRAM FILES\INTERNET EXPLORER\MSIMG32.DLL

Adware.180solutions/Seekmo
HKCR\AppId\SeekmoSA_df.exe
HKCR\AppId\SeekmoSA_df.exe#AppID

Rogue.Component/Trace
HKU\S-1-5-21-3192097539-2679383957-3083071341-1009\Software\48035026979531387907224670183013\Options
HKU\S-1-5-21-3192097539-2679383957-3083071341-1009\Software\48035026979531387907224670183013\Options#Aff
HKU\S-1-5-21-3192097539-2679383957-3083071341-1009\Software\48035026979531387907224670183013\Options#AdvancedScanType
HKU\S-1-5-21-3192097539-2679383957-3083071341-1009\Software\48035026979531387907224670183013\Options#FirstRunUrl
HKU\S-1-5-21-3192097539-2679383957-3083071341-1009\Software\48035026979531387907224670183013
HKLM\Software\Microsoft\9C305B65
HKLM\Software\Microsoft\9C305B65#9c305b65
HKLM\Software\Microsoft\9C305B65#Version
HKLM\Software\Microsoft\9C305B65#9c30f6e5
HKLM\Software\Microsoft\9C305B65#9c309f00
HKU\S-1-5-21-3192097539-2679383957-3083071341-1009\Software\Microsoft\FIAS4018

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204280.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204265.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204266.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204267.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204268.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204269.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204270.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204271.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204272.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204273.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204274.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204275.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204276.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204277.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204278.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204279.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204281.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204282.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204283.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204284.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204285.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204286.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204287.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204288.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204289.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204290.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204291.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204292.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204293.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204314.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204303.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP832\A0204315.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\EDEEG.BAK1
C:\WINDOWS\SYSTEM32\EDEEG.INI
C:\WINDOWS\SYSTEM32\GJKKJ.BAK2
C:\WINDOWS\SYSTEM32\IJKKJ.INI
C:\WINDOWS\SYSTEM32\LLNMP.BAK1
C:\WINDOWS\SYSTEM32\LLNMP.INI
C:\WINDOWS\SYSTEM32\NNNMP.INI
C:\WINDOWS\SYSTEM32\OQSTV.BAK1
C:\WINDOWS\SYSTEM32\OQSTV.INI


#11 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 26 January 2010 - 01:54 AM

Still getting CiD pops up not sure why

#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:59 AM

Posted 26 January 2010 - 11:41 AM

Hi grimness,

Please close FireFox and Internet Explorer browser before running OTM.

Please download OTM by OldTimer and save it to your desktop.
Double click the icon on your desktop to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).


Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing {b]CTRL + C[/b] (or, after highlighting, right-click and choose Copy):
Do not include the word "Code".

CODE
:files
c:\windows\system32\edeeg.bak1
c:\windows\system32\edeeg.bak2
c:\windows\system32\gjkkj.bak2
c:\windows\system32\ijkkj.bak1
c:\windows\system32\llnmp.bak1
c:\windows\system32\MWwHRqru.ini2
c:\windows\system32\nnnmp.bak1
c:\windows\system32\oqstv.bak1
c:\windows\system32\xycdd.bak2
:commands
[emptytemp]
[Reboot]



Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Also post a fresh DDS log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 31 January 2010 - 02:38 AM

All processes killed
========== FILES ==========
File/Folder c:\windows\system32\edeeg.bak1 not found.
c:\windows\system32\edeeg.bak2 moved successfully.
File/Folder c:\windows\system32\gjkkj.bak2 not found.
c:\windows\system32\ijkkj.bak1 moved successfully.
File/Folder c:\windows\system32\llnmp.bak1 not found.
c:\windows\system32\MWwHRqru.ini2 moved successfully.
c:\windows\system32\nnnmp.bak1 moved successfully.
File/Folder c:\windows\system32\oqstv.bak1 not found.
c:\windows\system32\xycdd.bak2 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 188489142 bytes
->Temporary Internet Files folder emptied: 18439695 bytes
->Java cache emptied: 3460907 bytes
->FireFox cache emptied: 56277530 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 68511 bytes
->Temporary Internet Files folder emptied: 499502 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3244049 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12796643 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23944732 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 121682 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 293.00 mb


OTM by OldTimer - Version 3.1.7.1 log created on 01312010_002910

Files moved on Reboot...
File C:\WINDOWS\temp\JET14DB.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_49c.dat not found!

Registry entries deleted on Reboot...


#14 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 31 January 2010 - 02:53 AM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 0:50:54.40 on 31/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.450 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYCA&fl=0&ptb=EEVq8jdMj1FdD8aHnaMuHw&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {598dfdf9-a7aa-4522-b1e6-a34d9d439d01}: {10d934d9-d43a-6e1b-2254-aa7a9fdfd895}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: {82bce4b1-932f-419d-83ab-4630c952e137} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {B6A472AC-D042-46BF-A354-FC26C82FDE17} - No File
{cd8dccaa-5e29-4e1e-ace5-4dbb130cc892}
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [poke mp3 cdrom meta] c:\documents and settings\all users\application data\jump poll poke mp3\Proxy cdrom.exe
mRun: [Bbojihebaj] rundll32.exe "c:\windows\oporibiyixev.dll",Startup
mExplorerRun: [RTHDBPL] c:\documents and settings\compaq_owner\application data\systemproc\lsass.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\hewlett-packard\compaq organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: faul592 - faul592.dll
Notify: opnkJdba - opnkJdba.dll
AppInit_DLLs: lurflz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqRHwWM
LSA: Notification Packages = scecli dswfox.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\ijkx4sed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {AA298CC8-EF2C-4873-BB52-5839C2C633F8} - c:\documents and settings\compaq_owner\local settings\application data\{AA298CC8-EF2C-4873-BB52-5839C2C633F8}
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2010-1-11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2010-1-11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2010-1-11 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100128.002\IDSXpx86.sys [2010-1-29 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2010-1-11 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-9 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100130.021\NAVENG.SYS [2010-1-30 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100130.021\NAVEX15.SYS [2010-1-30 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-01-31 07:29:10 0 d-----w- C:\_OTM
2010-01-30 04:50:51 120 ----a-w- c:\windows\Yfutupalirikij.dat
2010-01-30 04:50:51 0 ----a-w- c:\windows\Yjilerewer.bin
2010-01-30 04:47:04 0 d-sh--w- c:\docume~1\compaq~1\applic~1\SystemProc
2010-01-26 01:43:38 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-26 01:43:21 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 01:43:21 0 d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2010-01-25 01:56:27 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-01-25 01:56:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 01:56:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 01:56:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 01:56:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 03:12:31 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-01-12 23:16:17 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 20:26:07 0 d-----w- c:\windows\system32\N360_BACKUP
2010-01-09 20:19:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-01-09 20:19:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-01-09 20:19:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-09 20:19:04 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-09 20:19:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-09 20:19:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-09 20:19:04 0 d-----w- c:\program files\Symantec
2010-01-09 20:18:24 0 d-----w- c:\windows\system32\drivers\N360
2010-01-09 20:18:17 0 d-----w- c:\program files\Norton 360
2010-01-09 20:18:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-09 20:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-01-09 20:12:08 0 d-----w- c:\program files\NortonInstaller
2010-01-09 20:12:08 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-01-31 07:32:05 3649 ----a-w- c:\windows\viassary-hp.reg
2010-01-11 23:13:34 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-11 23:13:34 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2008-11-10 23:08:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 0:51:37.71 ===============

#15 grimness

grimness
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 31 January 2010 - 02:55 AM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 0:50:54.40 on 31/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.450 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYCA&fl=0&ptb=EEVq8jdMj1FdD8aHnaMuHw&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {598dfdf9-a7aa-4522-b1e6-a34d9d439d01}: {10d934d9-d43a-6e1b-2254-aa7a9fdfd895}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: {82bce4b1-932f-419d-83ab-4630c952e137} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {B6A472AC-D042-46BF-A354-FC26C82FDE17} - No File
{cd8dccaa-5e29-4e1e-ace5-4dbb130cc892}
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [poke mp3 cdrom meta] c:\documents and settings\all users\application data\jump poll poke mp3\Proxy cdrom.exe
mRun: [Bbojihebaj] rundll32.exe "c:\windows\oporibiyixev.dll",Startup
mExplorerRun: [RTHDBPL] c:\documents and settings\compaq_owner\application data\systemproc\lsass.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\hewlett-packard\compaq organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: faul592 - faul592.dll
Notify: opnkJdba - opnkJdba.dll
AppInit_DLLs: lurflz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqRHwWM
LSA: Notification Packages = scecli dswfox.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\ijkx4sed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {AA298CC8-EF2C-4873-BB52-5839C2C633F8} - c:\documents and settings\compaq_owner\local settings\application data\{AA298CC8-EF2C-4873-BB52-5839C2C633F8}
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2010-1-11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2010-1-11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2010-1-11 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100128.002\IDSXpx86.sys [2010-1-29 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2010-1-11 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-9 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100130.021\NAVENG.SYS [2010-1-30 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100130.021\NAVEX15.SYS [2010-1-30 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-01-31 07:29:10 0 d-----w- C:\_OTM
2010-01-30 04:50:51 120 ----a-w- c:\windows\Yfutupalirikij.dat
2010-01-30 04:50:51 0 ----a-w- c:\windows\Yjilerewer.bin
2010-01-30 04:47:04 0 d-sh--w- c:\docume~1\compaq~1\applic~1\SystemProc
2010-01-26 01:43:38 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-26 01:43:21 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 01:43:21 0 d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2010-01-25 01:56:27 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-01-25 01:56:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 01:56:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 01:56:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 01:56:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 03:12:31 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-01-12 23:16:17 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 20:26:07 0 d-----w- c:\windows\system32\N360_BACKUP
2010-01-09 20:19:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-01-09 20:19:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-01-09 20:19:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-09 20:19:04 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-09 20:19:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-09 20:19:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-09 20:19:04 0 d-----w- c:\program files\Symantec
2010-01-09 20:18:24 0 d-----w- c:\windows\system32\drivers\N360
2010-01-09 20:18:17 0 d-----w- c:\program files\Norton 360
2010-01-09 20:18:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-09 20:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-01-09 20:12:08 0 d-----w- c:\program files\NortonInstaller
2010-01-09 20:12:08 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-01-31 07:32:05 3649 ----a-w- c:\windows\viassary-hp.reg
2010-01-11 23:13:34 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-11 23:13:34 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2008-11-10 23:08:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 0:51:37.71 ===============

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users