Double_D_Edd Posted January 3, 2009

Hi all,

A friend of mine has an issue. His PC caught something nasty, and whenever he uses Google, he gets sent to moxiesearch.com. His Facebook also messes up. I asked him to run a scan with Hijackthis, so here it is. He's on Windows XP, by the way.

Logfile of HijackThis v1.99.1
Scan saved at 12:27:39 AM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Edd's Friend\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=logo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Edd's Friend\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Edd's Friend\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177893780500
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://ccas2.sdstate.edu/auth/CCALogin.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Thanks in advance for your help!

Edd.
sarahw Posted January 4, 2009

Hi,

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Double_D_Edd Posted January 4, 2009

I forgot to mention that he ran Malwarebytes prior to sending me his Hijackthis log. Malwarebytes found about a dozen baddies, which it removed after the scan.

Edd.
sarahw Posted January 4, 2009

Can you please post the log of that Malwarebytes scan, then run MBAM again and post that log also.
c0pp3rt0p1 Posted January 8, 2009 (edited)

Hello, I am the friend Edd is trying to help. The Google problem disappeared a few days ago but came back tonight after not having downloaded anything except a FF addon update.

To further explain it and maybe increase the chance of someone knowing what is wrong, here is a picture of what happens.

Here is the first scan that removed quite a bit.

Malwarebytes' Anti-Malware 1.31
Database version: 1594
Windows 5.1.2600 Service Pack 3

1/2/2009 9:02:47 AM
mbam-log-2009-01-02 (09-02-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 161428
Time elapsed: 1 hour(s), 0 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 225

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Live_TV\tbLive.dll (Adware.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Live_TV (Adware.Agent) -> Delete on reboot.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\RadioPlayer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mscorews.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\tbLive.dll (Adware.Agent) -> Delete on reboot.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP581\A0075837.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\toolbar.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\UNWISE.EXE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633245535392631250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633245576226068750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633255875773387500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323304820925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323304996393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323305088425000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323305474518750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633334172008068750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633341279781868750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633403616553356250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633463264160275000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563699265800000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563700066112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563701041737500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563701379393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563702342050000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563703174862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563703982050000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563704387831250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563705109081250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563705426268750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563706423925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563706733143750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563707318300000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563707714237500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563707991268750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563708531893750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563709177987500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564427931425000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564458384706250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564458899862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564459272987500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564459762050000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564459964706250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564460218925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564460536112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564460745487500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564461001893750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564461335175000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564461536425000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564462021268750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564466146581250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564466438143750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564466879862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564467082675000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564467327675000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564467601112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564468826112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564469089393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564472708925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564472903768750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564473119550000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564473639862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564473838612500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564474599393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564475013925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564475250643750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564475538143750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564477356112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564477554081250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564477956581250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564478190487500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564478437206250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564478656581250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564478919393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564479953300000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564480437831250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564481809706250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564482141737500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564482531581250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564483412050000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564484237206250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564485150956250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633567128117968750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633567129837031250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633567130148593750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633567132574218750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633581110761968750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633581112352593750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_700246359_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_727291407_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_727483016_gif.gif 
(Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_729829922_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_730226407_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_730875469_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_732093219_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_732767797_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_733060547_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_733661938_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_733884969_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_734099266_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_735535110_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_741736282_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_741847704_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_742193235_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_742284704_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_742493235_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_742648235_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_742765375_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_742860438_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_743552047_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and 
Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_743670547_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_743780204_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_743899688_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_999644891_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_Email-04orange_gif-Colorized-633323306911237500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_PopUpBlocker-21_gif-comic02-633323306370612500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___weather_conduit_com_images_weather_Default_thunderstorm_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_bankimages_commandcomps_block_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_BankImages_CommandComps_highlighter_dis_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application 
Data\Live_TV\CacheIcons\http___www_conduit_com_BankImages_CommandComps_highlighter_icon_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_BankImages_silkset_control_play_blue_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_ClientImages_radio_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_rssImages_rrs16Images_rss01x16green_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_rssImages_rrs16Images_rss01x16red_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_rssImages_rrs16Images_rss01x16_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_rssImages_rrs16Images_rss03x16blue_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_SearchEngines_images_search_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_SearchEngines_news_search_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_SearchEngines_site_search_gif.gif (Adware.Agent) -> Quarantined and deleted 
successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___www_conduit_com_Images_SearchEngines_weather_search_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\RadioPlayer\Predefined_Media_List.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss\&saslc=0&floc=1&sabfmts=2&saprclo=150&sascs=2&saprchi=550&saaff=afepn&ftrv=8&fbfmt=1&ftrt=1&fcl=3&ft=1&frpp=50&customid=&nojspr=y&satitle=new&afmp=&sacat=293&saslop=1&fss=0.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss\http___feeds_feedburner_com_metacafe_TYps.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss\http___feeds_feedburner_com_metacafe_TYps_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss\http___youtube_com_rss_global_top_viewed_today_rss.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss\http___youtube_com_rss_global_top_viewed_today_rss_structured.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msratnit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsatac.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qviexio3.dat (Malware.Trace) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the most recent scan.

Malwarebytes' Anti-Malware 1.32
Database version: 1617
Windows 5.1.2600 Service Pack 3

1/8/2009 12:24:32 AM
mbam-log-2009-01-08 (00-24-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 158923
Time elapsed: 2 hour(s), 2 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

An updated Hijackthis log just in case it's still needed.

Logfile of HijackThis v1.99.1
Scan saved at 12:27:33 AM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Luke\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=logo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -DelayO4 - HKLM\..\Run: [iSUSPM Startup] 
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exeO4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program 
Files\ieSpell\Merriam Webster.HTMO8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTMO8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.htmlO8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.htmlO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] InternationalO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cabO16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177893780500O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://ccas2.sdstate.edu/auth/CCALogin.CABO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLO20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXEO23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file 
missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited January 8, 2009 by Sccrluk9
sarahw Posted January 8, 2009

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
c0pp3rt0p1 Posted January 8, 2009

Because I forgot to say it in my previous post. Thank you Sarah for taking your time to help. I ran combo fix and got the log. When running it, it said I still had Norton running which I uninstalled from my computer when the school made me get Symantec. I used the guide to disabling anti virus and was unable to find Norton anywhere so I went ahead and ran it with that warning. Since running ComboFix Facebook is back to normal as well as Google though I would still like to know if my machine is now Malware/Virus free.

Here is the ComboFix log.

ComboFix 09-01-08.01 - Luke 2009-01-08 11:32:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.507 [GMT -7:00]
Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Luke\Application Data\inst.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\wdmaud.sys
----- BITS: Possible infected sites -----
hxxp://137.216.156.171
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PACKET
-------\Service_Packet
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-02 12:55 . 2009-01-02 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-02 00:07 . 
2009-01-05 00:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\Luke\Application Data\Malwarebytes2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes2009-01-02 00:07 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys2009-01-02 00:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys2009-01-02 00:03 . 2009-01-02 00:03 410,984 --a------ c:\windows\system32\deploytk.dll2009-01-01 23:24 . 2009-01-01 23:24 <DIR> d-------- c:\program files\FileSubmit2008-12-10 10:14 . 2008-10-23 05:36 286,720 --------- c:\windows\system32\dllcache\gdi32.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-01-08 18:28 --------- d-----w c:\program files\Symantec AntiVirus2009-01-08 06:41 --------- d-----w c:\program files\RGB2009-01-08 06:08 --------- d-----w c:\program files\QuickTime2009-01-08 06:07 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer2009-01-08 02:32 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink2009-01-07 07:33 --------- d-----w c:\documents and settings\Luke\Application Data\LimeWire2009-01-03 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab2009-01-02 18:54 --------- d-----w c:\program files\PicLensIE2009-01-02 18:54 --------- d-----w c:\program files\Astro Gemini Software2009-01-02 16:05 --------- d-----w c:\program files\SUPERAntiSpyware2009-01-02 07:03 --------- d-----w c:\program files\Java2008-12-27 18:38 --------- d-----w c:\program files\Diablo II2008-12-23 21:04 --------- d-----w c:\documents and settings\Luke\Application Data\gtk-2.02008-12-17 17:05 31 ----a-w c:\documents and settings\Luke\jagex_runescape_preferences.dat2008-12-04 21:17 --------- d-----w c:\program files\Apple 
Software Update2008-12-04 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple2008-12-02 00:51 --------- d-----w c:\documents and settings\Luke\Application Data\Ventrilo2008-12-02 00:45 94,208 ----a-w c:\windows\DIIUnin.exe2008-12-02 00:45 2,829 ----a-w c:\windows\DIIUnin.pif2008-12-01 19:31 --------- d-----w c:\program files\Ventrilo2008-12-01 19:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard2008-11-24 00:26 --------- d-----w c:\documents and settings\Luke\Application Data\Corel2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\TERMINAL Studio2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\Astro Gemini Software2008-11-20 02:51 --------- d-----w c:\program files\MSECache2008-11-19 01:34 --------- d-----w c:\program files\DVDFab 52008-11-19 01:34 --------- d-----w c:\documents and settings\Luke\Application Data\Vso2008-11-11 22:45 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys2008-11-11 22:45 47,360 ----a-w c:\documents and settings\Luke\Application Data\pcouffin.sys2008-07-22 01:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072120080722\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-02 1830128]"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]"Dell 
QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]"phc710"="c:\windows\vphc700.exe" [2005-07-20 339968]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-08 24576]Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-01-02 09:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux6"= wdmaud.sys[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ModemOnHold[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]--a------ 2006-08-28 20:57 395776 c:\program files\Dell Support\DSAgnt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\dpnsvr.exe"="c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol"10426:UDP"= 10426:UDP:SingleClick ICC"1700:TCP"= 1700:TCP:MioNet Remote Drive Access"1641:TCP"= 1641:TCP:MioNet Remote Drive VerificationR1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS 
[2006-02-16 4096]S3 cpuz128;cpuz128;c:\program files\PC Wizard 2008\pcwiz32.sys [2007-11-07 7808]S3 phc700;USB PC Camera (phc710);c:\windows\system32\drivers\phc700.sys [2008-06-01 541568]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c6bc06-f1e6-11db-9b3e-00038a000015}]\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:\Shell\Open\command - e:\resycled\boot.com e:.Contents of the 'Scheduled Tasks' folder2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]2009-01-08 c:\windows\Tasks\RegCure Program Check.job- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21]2009-01-02 c:\windows\Tasks\RegCure.job- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21].- - - - ORPHANS REMOVED - - - -HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file).------- Supplementary Scan -------.uStart Page = hxxp://www.facebook.com/home.php?ref=logoIE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTMIE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTMIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTMIE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTMIE: Open Link Target in Firefox - file://c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.htmlIE: View This Page in Firefox - file://c:\documents and 
settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.htmlTrusted Zone: www.runehq.comTrusted Zone: www.runescape.comc:\windows\system32\CCAWebLogin.ocx - O16 -: {C9D7D239-B502-48B3-BA25-9DF8C7264073}hxxps://ccas2.sdstate.edu/auth/CCALogin.CABc:\windows\Downloaded Program Files\CCAWebLogin.infFF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\FF - prefs.js: browser.startup.homepage - hxxp://www.new.facebook.com/home.php|http://www.msnbc.com/FF - component: c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\[email protected]\components\coolirisstub.dllFF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-01-08 11:41:22Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-2749155939-2939445629-2382682113-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]@Denied: (Full) (LocalSystem)@SACL=.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(904)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\Ati2evxx.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\ati2evxx.exec:\program files\Common Files\Symantec Shared\ccSetMgr.exec:\program files\Common Files\Symantec Shared\ccEvtMgr.exec:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exec:\windows\system32\WLTRYSVC.EXEc:\windows\system32\BCMWLTRY.EXEc:\program files\Symantec AntiVirus\DefWatch.exec:\windows\ehome\ehrecvr.exec:\windows\ehome\ehSched.exec:\program files\Dell Network Assistant\hnm_svc.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exec:\windows\ehome\mcrdsvc.exec:\windows\system32\dllhost.exec:\windows\system32\ati2evxx.exec:\windows\ehome\ehmsas.exec:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe.**************************************************************************.Completion time: 2009-01-08 11:44:34 - machine was rebooted [Luke]ComboFix-quarantined-files.txt 2009-01-08 18:44:05Pre-Run: 46,214,750,208 bytes freePost-Run: 46,576,087,040 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect234 --- E O F --- 2008-12-16 21:00:43 
sarahw Posted January 9, 2009

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
c0pp3rt0p1 Posted January 9, 2009

ComboFix 09-01-08.01 - Luke 2009-01-08 18:12:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.446 [GMT -7:00]
Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luke\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.
2009-01-02 12:55 . 2009-01-02 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-02 00:07 . 2009-01-05 00:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\Luke\Application Data\Malwarebytes
2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 00:07 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 00:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 00:03 . 2009-01-02 00:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-01 23:24 . 2009-01-01 23:24 <DIR> d-------- c:\program files\FileSubmit
2008-12-10 10:14 . 
2008-10-23 05:36 286,720 --------- c:\windows\system32\dllcache\gdi32.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-01-09 01:09 --------- d-----w c:\program files\Symantec AntiVirus2009-01-08 06:41 --------- d-----w c:\program files\RGB2009-01-08 06:08 --------- d-----w c:\program files\QuickTime2009-01-08 06:07 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer2009-01-08 02:32 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink2009-01-07 07:33 --------- d-----w c:\documents and settings\Luke\Application Data\LimeWire2009-01-03 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab2009-01-02 18:54 --------- d-----w c:\program files\PicLensIE2009-01-02 18:54 --------- d-----w c:\program files\Astro Gemini Software2009-01-02 16:05 --------- d-----w c:\program files\SUPERAntiSpyware2009-01-02 07:03 --------- d-----w c:\program files\Java2008-12-27 18:38 --------- d-----w c:\program files\Diablo II2008-12-23 21:04 --------- d-----w c:\documents and settings\Luke\Application Data\gtk-2.02008-12-17 17:05 31 ----a-w c:\documents and settings\Luke\jagex_runescape_preferences.dat2008-12-04 21:17 --------- d-----w c:\program files\Apple Software Update2008-12-04 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple2008-12-02 01:09 21,840 ----atw c:\windows\system32\SIntfNT.dll2008-12-02 01:09 17,212 ----atw c:\windows\system32\SIntf32.dll2008-12-02 01:09 12,067 ----atw c:\windows\system32\SIntf16.dll2008-12-02 00:51 --------- d-----w c:\documents and settings\Luke\Application Data\Ventrilo2008-12-02 00:45 94,208 ----a-w c:\windows\DIIUnin.exe2008-12-02 00:45 2,829 ----a-w c:\windows\DIIUnin.pif2008-12-01 19:31 --------- d-----w c:\program files\Ventrilo2008-12-01 19:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard2008-12-01 04:19 43,520 ----a-w 
c:\windows\system32\CmdLineExt03.dll2008-11-24 00:27 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys2008-11-24 00:26 --------- d-----w c:\documents and settings\Luke\Application Data\Corel2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\TERMINAL Studio2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\Astro Gemini Software2008-11-20 02:51 --------- d-----w c:\program files\MSECache2008-11-19 01:34 --------- d-----w c:\program files\DVDFab 52008-11-19 01:34 --------- d-----w c:\documents and settings\Luke\Application Data\Vso2008-11-16 05:12 724,480 ----a-w c:\windows\system32\SeaStorm_3D_Screensaver.scr2008-11-11 22:45 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys2008-11-11 22:45 47,360 ----a-w c:\documents and settings\Luke\Application Data\pcouffin.sys2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll2008-07-22 01:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072120080722\index.dat.((((((((((((((((((((((((((((( snapshot@2009-01-08_11.43.01.31 ))))))))))))))))))))))))))))))))))))))))).+ 2009-01-08 18:36:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1f4.dat+ 2009-01-08 18:36:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_27c.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-02 1830128]"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 
313472][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]"phc710"="c:\windows\vphc700.exe" [2005-07-20 339968]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-08 24576]Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-01-02 09:05 356352 c:\program 
files\SUPERAntiSpyware\SASWINLO.DLL[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux6"= wdmaud.sys[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]--a------ 2006-08-28 20:57 395776 c:\program files\Dell Support\DSAgnt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\dpnsvr.exe"="c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol"10426:UDP"= 10426:UDP:SingleClick ICC"1700:TCP"= 1700:TCP:MioNet Remote Drive Access"1641:TCP"= 1641:TCP:MioNet Remote Drive VerificationR1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]S3 cpuz128;cpuz128;c:\program files\PC Wizard 2008\pcwiz32.sys [2007-11-07 7808]S3 phc700;USB PC Camera 
(phc710);c:\windows\system32\drivers\phc700.sys [2008-06-01 541568]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c6bc06-f1e6-11db-9b3e-00038a000015}]\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:\Shell\Open\command - e:\resycled\boot.com e:.Contents of the 'Scheduled Tasks' folder2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]2009-01-09 c:\windows\Tasks\RegCure Program Check.job- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21]2009-01-02 c:\windows\Tasks\RegCure.job- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21]..------- Supplementary Scan -------.uStart Page = hxxp://www.facebook.com/home.php?ref=logoIE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTMIE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTMIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTMIE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTMIE: Open Link Target in Firefox - file://c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.htmlIE: View This Page in Firefox - file://c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.htmlTrusted Zone: www.runehq.comTrusted Zone: www.runescape.comc:\windows\system32\CCAWebLogin.ocx - O16 -: {C9D7D239-B502-48B3-BA25-9DF8C7264073}hxxps://ccas2.sdstate.edu/auth/CCALogin.CABc:\windows\Downloaded 
Program Files\CCAWebLogin.infFF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\FF - prefs.js: browser.startup.homepage - hxxp://www.new.facebook.com/home.php|http://www.msnbc.com/FF - component: c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\[email protected]\components\coolirisstub.dllFF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-01-08 18:15:01Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-2749155939-2939445629-2382682113-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]@Denied: (Full) (LocalSystem)@SACL=.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(904)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\Ati2evxx.dll.Completion time: 2009-01-08 18:17:27ComboFix-quarantined-files.txt 2009-01-09 01:16:54ComboFix2.txt 2009-01-08 18:44:36Pre-Run: 46,603,194,368 bytes freePost-Run: 46,587,559,936 bytes free196 --- E O F --- 2008-12-16 21:00:43 Link to post Share on other sites

sarahw Posted January 10, 2009

Hi,
Try to see if you can completely remove Symantec now.
As far as RegCure, check my entry here about Registry cleaners. There is also a write-up here about Registry Cleaners by Miekiemoes.
How is the computer running now?

c0pp3rt0p1 Posted January 10, 2009

Symantec is required by my college to connect to their servers, so I have to leave that one on my computer.
Thanks for the advice about the RegCure. It was suggested to me by a friend and given to me free, though I have only ever used it twice. I didn't notice any increase after that, so I figured it was pointless.
Since the first run of ComboFix I haven't had any problems with Google or Facebook, and everything appears so far to be back to normal. Thanks for all your help.

sarahw Posted January 10, 2009

I will reply back in a moment.

c0pp3rt0p1 Posted January 10, 2009

Done.
Thanks again for all the help!

sarahw Posted January 10, 2009

1. The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /u
Note: It is important you do this step.

2. Please download OTCleanIt from HERE to your desktop.
Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finished, it will ask you to reboot so it can remove itself.

Congratulations, your log is now clean.

A well protected computer should have at least an Anti Virus and Firewall; an Anti Spyware is also a great addition to your computer's security. Here is a list of tools I like to recommend to people that will help ensure safe surfing on the internet, and help keep you from getting infected again.

Note: DO NOT install more than one antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.

Free Online Scans:
Free Active X and Java based online scans. You can use these scans from other companies and it will not interfere with your current Anti Virus. If you find that you are infected, post a Hijack This log in the forums.
Kaspersky online scan
Panda Online Scan
F-Secure Online Scan
TrendMicro HouseCall online scan
Bit Defender online scan

Free Temp Cleaners:
Use these tools to clean temporary files from IE and Windows, empty the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ATF cleaner recommended.
CCleaner
ATF Cleaner

Free Firewall Downloads:
You must have a Firewall installed on your computer. This helps stop anything from leaving or entering your computer without your permission.
ZoneAlarm
Kerio Firewall

Free Anti Spyware Downloads:
An Antispyware is a great tool that can help remove infections alongside your Anti Virus. Some include real time protection, scheduled scans and automatic definition updates.
AVG Antispyware
A-Squared Antispyware
SpywareGuard
SpywareBlaster
SpywareTerminator
Spybot Search & Destroy
Ad Aware

Free Anti Virus Downloads:
A must have for all computers. Avast! recommended.
SpywareTerminator With ClamAV Enabled.
AntiVir
Avast!
Grisoft AVG
Bit Defender Free
a² Free
Comodo BOClean
SuperAntiSpyware

Other Free Tools:
SpywareGuard
Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd
This tool puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Memtest86
Great memory testing software.
CPU-Z
This application gives detailed information about your system in a nice layout.
Speedfan
Returns and monitors system temperatures.

Windows Updates
It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Useful Reading:
Slow Computer? HERE are some tips to speed it up.
Where do infections come from? How did I get an infection? Click HERE for some tips on preventing future infections.

If you have any other problems or questions be sure to ask.

sarahw Posted January 10, 2009

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.