#11
this is the logfile for the malware program followed by the log file from hijack this then my install program...
#12
Everything in the MBAM log says No action taken. Did you remove everything after copying the log?
#13
Go to add/remove programs and uninstall:

Java(TM) 6 Update 4
Java(TM) SE Runtime Environment 6
Viewpoint Media Player

----------

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and run CCleaner.

----------

Everything else looks OK. Are you still having any problems?
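The two entries selected for fixing in post #13 are both O2 (BHO) lines whose file field reads `(no file)`. As an added example (not part of the original thread and not HijackThis code), this Python function lists such entries from a saved log, including a log pasted with its line breaks lost; treating `(no file)` as the selection criterion, the section-code pattern, and the placeholder entries in the sample are assumptions.

```python
import re

# Assumed section codes that open a HijackThis entry: R0-R3, F0-F3, N1-N4, O1-O99.
ENTRY_START = re.compile(r"(?=\b(?:[RF][0-3]|N[1-4]|O\d{1,2}) - )")

# O2 layout as it appears in post #13: O2 - BHO: <name> - {CLSID} - <file>
BHO_ENTRY = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)


def split_entries(log_text):
    """Split a log into entries, whether one per line or run together."""
    flat = " ".join(log_text.split())  # collapse newlines and repeated spaces
    return [chunk.strip() for chunk in ENTRY_START.split(flat) if chunk.strip()]


def orphaned_bhos(log_text):
    """Return (clsid, name) for each O2 entry whose file field is '(no file)'."""
    hits = []
    for entry in split_entries(log_text):
        m = BHO_ENTRY.match(entry)
        if m and m.group("target").strip().lower() == "(no file)":
            hits.append((m.group("clsid").upper(), m.group("name")))
    return hits


# Constructed sample, flattened onto one line. The two "(no file)" entries are
# the ones quoted in post #13; the all-zero and all-one CLSIDs and the
# C:\Example paths are placeholders, not real components.
SAMPLE_FLAT = (
    r"O1 - Hosts: ::1 localhost "
    r"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) "
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll "
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    r"O3 - Toolbar: Example Toolbar - {11111111-1111-1111-1111-111111111111} - C:\Example\toolbar.dll"
)

if __name__ == "__main__":
    for clsid, name in orphaned_bhos(SAMPLE_FLAT):
        print(f"orphaned BHO registration: {clsid} {name}")
```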