Hijackthis Log [RESOLVED]



Hi all,

A friend of mine has an issue. His PC caught something nasty, and whenever he uses Google, he gets sent to moxiesearch.com. His Facebook also messes up. I asked him to run a scan with Hijackthis, so here it is. He's on Windows XP, by the way.

Logfile of HijackThis v1.99.1

Scan saved at 12:27:39 AM, on 1/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\vphc700.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Edd's Friend\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=logo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Edd's Friend\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html

O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Edd's Friend\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177893780500

O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://ccas2.sdstate.edu/auth/CCALogin.CAB

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Thanks in advance for your help! :)

Edd.


Hi,

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Hello, I am the friend Edd is trying to help. The Google problem disappeared a few days ago but came back tonight after not having downloaded anything except a FF addon update.

To further explain it and maybe increase the chance of someone knowing what is wrong, here is a picture of what happens.

besttechiety4.jpg

Here is the first scan that removed quite a bit.

Malwarebytes' Anti-Malware 1.31

Database version: 1594

Windows 5.1.2600 Service Pack 3

1/2/2009 9:02:47 AM

mbam-log-2009-01-02 (09-02-46).txt

Scan type: Full Scan (C:\|)

Objects scanned: 161428

Time elapsed: 1 hour(s), 0 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 8

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 225

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Program Files\Live_TV\tbLive.dll (Adware.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Live_TV (Adware.Agent) -> Delete on reboot.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\RadioPlayer (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\rss (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\mscorews.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\Live_TV\tbLive.dll (Adware.Agent) -> Delete on reboot.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP581\A0075837.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Live_TV\toolbar.cfg (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Live_TV\UNWISE.EXE (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\LanguagePack.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\LocalSettings.txt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\ThirdPartyComponents.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\update.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_63_136_CT1360763_Images_1256613422_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1007681875_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1008632312_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1010964906_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1013961671_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1243915937_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1353559765_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1371430531_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1372002593_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1372811250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1374235656_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1375182312_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1377379968_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1433220828_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1434186671_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1434335046_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1464688218_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584150234_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584161062_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584174671_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584198968_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584213312_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584224140_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584245562_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584260546_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584273093_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584288328_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584305562_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584319359_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584332187_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584341578_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584354890_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584366890_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584377828_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584397578_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584413390_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584420750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584433812_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584441906_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584457437_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1584470109_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1608030015_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1611650343_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-1616510062_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-165335984_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-290489171_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-299253500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-32556781_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-35197640_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-502652203_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-504725421_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Luke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_-511024656_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msratnit.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\comsatac.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qviexio3.dat (Malware.Trace) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the most recent scan.

Malwarebytes' Anti-Malware 1.32

Database version: 1617

Windows 5.1.2600 Service Pack 3

1/8/2009 12:24:32 AM

mbam-log-2009-01-08 (00-24-32).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 158923

Time elapsed: 2 hour(s), 2 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

An updated Hijackthis log just in case it's still needed.

Logfile of HijackThis v1.99.1

Scan saved at 12:27:33 AM, on 1/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\vphc700.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Luke\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=logo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061208

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html

O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177893780500

O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://ccas2.sdstate.edu/auth/CCALogin.CAB

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited by Sccrluk9

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Because I forgot to say it in my previous post: thank you, Sarah, for taking your time to help.

I ran ComboFix and got the log. When running it, it said I still had Norton running, which I uninstalled from my computer when the school made me get Symantec. I used the guide to disabling anti virus and was unable to find Norton anywhere, so I went ahead and ran it with that warning. Since running ComboFix, Facebook is back to normal, as well as Google, though I would still like to know if my machine is now Malware/Virus free.

Here is the ComboFix log.

ComboFix 09-01-08.01 - Luke 2009-01-08 11:32:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.507 [GMT -7:00]

Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

FW: Norton Internet Security 2006 *enabled*

FW: Norton Internet Worm Protection *disabled*

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\Luke\Application Data\inst.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\wdmaud.sys

----- BITS: Possible infected sites -----

hxxp://137.216.156.171

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PACKET

-------\Service_Packet

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))

.

2009-01-02 12:55 . 2009-01-02 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-01-02 00:07 . 2009-01-05 00:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\Luke\Application Data\Malwarebytes

2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-02 00:07 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-02 00:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-02 00:03 . 2009-01-02 00:03 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-01 23:24 . 2009-01-01 23:24 <DIR> d-------- c:\program files\FileSubmit

2008-12-10 10:14 . 2008-10-23 05:36 286,720 --------- c:\windows\system32\dllcache\gdi32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 18:28 --------- d-----w c:\program files\Symantec AntiVirus

2009-01-08 06:41 --------- d-----w c:\program files\RGB

2009-01-08 06:08 --------- d-----w c:\program files\QuickTime

2009-01-08 06:07 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-08 02:32 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink

2009-01-07 07:33 --------- d-----w c:\documents and settings\Luke\Application Data\LimeWire

2009-01-03 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-01-02 18:54 --------- d-----w c:\program files\PicLensIE

2009-01-02 18:54 --------- d-----w c:\program files\Astro Gemini Software

2009-01-02 16:05 --------- d-----w c:\program files\SUPERAntiSpyware

2009-01-02 07:03 --------- d-----w c:\program files\Java

2008-12-27 18:38 --------- d-----w c:\program files\Diablo II

2008-12-23 21:04 --------- d-----w c:\documents and settings\Luke\Application Data\gtk-2.0

2008-12-17 17:05 31 ----a-w c:\documents and settings\Luke\jagex_runescape_preferences.dat

2008-12-04 21:17 --------- d-----w c:\program files\Apple Software Update

2008-12-04 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-12-02 00:51 --------- d-----w c:\documents and settings\Luke\Application Data\Ventrilo

2008-12-02 00:45 94,208 ----a-w c:\windows\DIIUnin.exe

2008-12-02 00:45 2,829 ----a-w c:\windows\DIIUnin.pif

2008-12-01 19:31 --------- d-----w c:\program files\Ventrilo

2008-12-01 19:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-11-24 00:26 --------- d-----w c:\documents and settings\Luke\Application Data\Corel

2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\TERMINAL Studio

2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\Astro Gemini Software

2008-11-20 02:51 --------- d-----w c:\program files\MSECache

2008-11-19 01:34 --------- d-----w c:\program files\DVDFab 5

2008-11-19 01:34 --------- d-----w c:\documents and settings\Luke\Application Data\Vso

2008-11-11 22:45 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-11-11 22:45 47,360 ----a-w c:\documents and settings\Luke\Application Data\pcouffin.sys

2008-07-22 01:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072120080722\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-02 1830128]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]

"phc710"="c:\windows\vphc700.exe" [2005-07-20 339968]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-08 24576]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-01-02 09:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux6"= wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2006-08-28 20:57 395776 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

"1700:TCP"= 1700:TCP:MioNet Remote Drive Access

"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S3 cpuz128;cpuz128;c:\program files\PC Wizard 2008\pcwiz32.sys [2007-11-07 7808]

S3 phc700;USB PC Camera (phc710);c:\windows\system32\drivers\phc700.sys [2008-06-01 541568]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c6bc06-f1e6-11db-9b3e-00038a000015}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:

\Shell\Open\command - e:\resycled\boot.com e:

.

Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-08 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21]

2009-01-02 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.facebook.com/home.php?ref=logo

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

IE: Open Link Target in Firefox - file://c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html

IE: View This Page in Firefox - file://c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html

Trusted Zone: www.runehq.com

Trusted Zone: www.runescape.com

c:\windows\system32\CCAWebLogin.ocx - O16 -: {C9D7D239-B502-48B3-BA25-9DF8C7264073}

hxxps://ccas2.sdstate.edu/auth/CCALogin.CAB

c:\windows\Downloaded Program Files\CCAWebLogin.inf

FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.new.facebook.com/home.php|http://www.msnbc.com/

FF - component: c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\[email protected]\components\coolirisstub.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 11:41:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2749155939-2939445629-2382682113-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Dell Network Assistant\hnm_svc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\ati2evxx.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe

.

**************************************************************************

.

Completion time: 2009-01-08 11:44:34 - machine was rebooted [Luke]

ComboFix-quarantined-files.txt 2009-01-08 18:44:05

Pre-Run: 46,214,750,208 bytes free

Post-Run: 46,576,087,040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

234 --- E O F --- 2008-12-16 21:00:43


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 09-01-08.01 - Luke 2009-01-08 18:12:08.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.446 [GMT -7:00]

Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Luke\Desktop\CFScript.txt

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

FW: Norton Internet Security 2006 *enabled*

FW: Norton Internet Worm Protection *disabled*

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))

.

2009-01-02 12:55 . 2009-01-02 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-01-02 00:07 . 2009-01-05 00:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\Luke\Application Data\Malwarebytes

2009-01-02 00:07 . 2009-01-02 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-02 00:07 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-02 00:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-02 00:03 . 2009-01-02 00:03 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-01 23:24 . 2009-01-01 23:24 <DIR> d-------- c:\program files\FileSubmit

2008-12-10 10:14 . 2008-10-23 05:36 286,720 --------- c:\windows\system32\dllcache\gdi32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-09 01:09 --------- d-----w c:\program files\Symantec AntiVirus

2009-01-08 06:41 --------- d-----w c:\program files\RGB

2009-01-08 06:08 --------- d-----w c:\program files\QuickTime

2009-01-08 06:07 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-08 02:32 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink

2009-01-07 07:33 --------- d-----w c:\documents and settings\Luke\Application Data\LimeWire

2009-01-03 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-01-02 18:54 --------- d-----w c:\program files\PicLensIE

2009-01-02 18:54 --------- d-----w c:\program files\Astro Gemini Software

2009-01-02 16:05 --------- d-----w c:\program files\SUPERAntiSpyware

2009-01-02 07:03 --------- d-----w c:\program files\Java

2008-12-27 18:38 --------- d-----w c:\program files\Diablo II

2008-12-23 21:04 --------- d-----w c:\documents and settings\Luke\Application Data\gtk-2.0

2008-12-17 17:05 31 ----a-w c:\documents and settings\Luke\jagex_runescape_preferences.dat

2008-12-04 21:17 --------- d-----w c:\program files\Apple Software Update

2008-12-04 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-12-02 01:09 21,840 ----atw c:\windows\system32\SIntfNT.dll

2008-12-02 01:09 17,212 ----atw c:\windows\system32\SIntf32.dll

2008-12-02 01:09 12,067 ----atw c:\windows\system32\SIntf16.dll

2008-12-02 00:51 --------- d-----w c:\documents and settings\Luke\Application Data\Ventrilo

2008-12-02 00:45 94,208 ----a-w c:\windows\DIIUnin.exe

2008-12-02 00:45 2,829 ----a-w c:\windows\DIIUnin.pif

2008-12-01 19:31 --------- d-----w c:\program files\Ventrilo

2008-12-01 19:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-01 04:19 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll

2008-11-24 00:27 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-11-24 00:26 --------- d-----w c:\documents and settings\Luke\Application Data\Corel

2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\TERMINAL Studio

2008-11-23 16:34 --------- d-----w c:\documents and settings\Luke\Application Data\Astro Gemini Software

2008-11-20 02:51 --------- d-----w c:\program files\MSECache

2008-11-19 01:34 --------- d-----w c:\program files\DVDFab 5

2008-11-19 01:34 --------- d-----w c:\documents and settings\Luke\Application Data\Vso

2008-11-16 05:12 724,480 ----a-w c:\windows\system32\SeaStorm_3D_Screensaver.scr

2008-11-11 22:45 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-11-11 22:45 47,360 ----a-w c:\documents and settings\Luke\Application Data\pcouffin.sys

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-07-22 01:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072120080722\index.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-08_11.43.01.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-08 18:36:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1f4.dat

+ 2009-01-08 18:36:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_27c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-02 1830128]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]

"phc710"="c:\windows\vphc700.exe" [2005-07-20 339968]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-08 24576]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-01-02 09:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux6"= wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2006-08-28 20:57 395776 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

"1700:TCP"= 1700:TCP:MioNet Remote Drive Access

"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S3 cpuz128;cpuz128;c:\program files\PC Wizard 2008\pcwiz32.sys [2007-11-07 7808]

S3 phc700;USB PC Camera (phc710);c:\windows\system32\drivers\phc700.sys [2008-06-01 541568]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c6bc06-f1e6-11db-9b3e-00038a000015}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:

\Shell\Open\command - e:\resycled\boot.com e:

.

Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-09 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21]

2009-01-02 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-04-21 14:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.facebook.com/home.php?ref=logo

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

IE: Open Link Target in Firefox - file://c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html

IE: View This Page in Firefox - file://c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html

Trusted Zone: www.runehq.com

Trusted Zone: www.runescape.com

c:\windows\system32\CCAWebLogin.ocx - O16 -: {C9D7D239-B502-48B3-BA25-9DF8C7264073}

hxxps://ccas2.sdstate.edu/auth/CCALogin.CAB

c:\windows\Downloaded Program Files\CCAWebLogin.inf

FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.new.facebook.com/home.php|http://www.msnbc.com/

FF - component: c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\a3q45kez.default\extensions\[email protected]\components\coolirisstub.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 18:15:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2749155939-2939445629-2382682113-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-01-08 18:17:27

ComboFix-quarantined-files.txt 2009-01-09 01:16:54

ComboFix2.txt 2009-01-08 18:44:36

Pre-Run: 46,603,194,368 bytes free

Post-Run: 46,587,559,936 bytes free

196 --- E O F --- 2008-12-16 21:00:43


Symantec is required by my college to connect to their servers so I have to leave that one on my computer.

Thanks for the advice about the RegCure. It was suggested to me by a friend and given to me free, though I have only ever used it twice. I didn't notice any increase after that so I figured it was pointless.

Since the first run of ComboFix I haven't had any problems with Google or Facebook and everything appears so far to be back to normal.

Thanks for all your help.


1. The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Note: It is important you do this step.

2. Please download OTCleanIt from HERE to your desktop.

Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finished, it will ask you to reboot so it can remove itself.

Congratulations, your log is now clean. :thumbsup:

A well protected computer should have at least an Anti Virus and Firewall; an Anti Spyware is also a great addition to your computer's security. Here is a list of tools I like to recommend to people that will help ensure safe surfing on the internet, and help keep you from getting infected again.

Note: DO NOT install more than one antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.

Free Online Scans:

Free Active X and Java based online scans. You can use these scans from other companies and it will not interfere with your current Anti Virus. If you find that you are infected, post a Hijack This log in the forums.

Free Temp Cleaners:

Use these tools to clean temporary files from IE and Windows, empty the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ATF cleaner recommended.

Free Firewall Downloads:

You must have a Firewall installed on your computer. This helps stop anything from leaving or entering your computer without your permission.

Free Anti Spyware Downloads:

An Antispyware is a great tool that can help remove infections alongside your Anti Virus. Some include real time protection, scheduled scans and automatic definition updates.

Free Anti Virus Downloads:

A must have for all computers. Avast! recommended.

Other Free Tools:

  • SpywareGuard
    Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd
    This tool puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • Memtest86
    Great memory testing software.
  • CPU-Z
    This application gives detailed information about your system in a nice layout.
  • Speedfan
    Returns and monitors system temperatures.
  • Windows Updates
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Useful Reading:

Slow Computer? HERE are some tips to speed it up.

Where do infections come from? How did I get an infection? Click HERE for some tips on preventing future infections.

If you have any other problems or questions be sure to ask. :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

This topic is now closed to further replies.