im new here hope im doing this right, sorry if not
letters4jeff
2008-08-30, 04:05
I have what I think is called the project1 virus/malware on my computer. It showed up either through MSN Messenger or, I read somewhere else, it can be a pop-up from a site called porntube. I have sent a logfile done today from HijackThis. I recognize some of the files as being bad because I read about them when I was trying to find info about this virus, but I don't know what to delete. Any help would sure be appreciated. Thank you... jeff
pskelley
2008-08-31, 14:47
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
If you want help, follow these directions:
1) Read the instructions posted above and pinned (sticky) to the top of this forum.
All logs should be copy/pasted into topic and not attached unless requested by helper in that format.
2) LimeWire <<< File Sharing, otherwise known as Peer To Peer. (P2P)
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
Uninstall all file sharing programs.
3) We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)
4) http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.
Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Post only the C:\rapport.txt
Thanks
letters4jeff
2008-09-04, 20:17
SmitFraudFix v2.345
Scan done at 13:08:20.45, Thu 09/04/2008
Run from C:\Documents and Settings\Brooke\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brooke
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brooke\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brooke\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Applications\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cac60ee7-ebe0-4082-be2a-3abf704b7af0}"="glycosulfatase"
[HKEY_CLASSES_ROOT\CLSID\{cac60ee7-ebe0-4082-be2a-3abf704b7af0}\InProcServer32]
@="C:\WINDOWS\system32\wighg.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cac60ee7-ebe0-4082-be2a-3abf704b7af0}\InProcServer32]
@="C:\WINDOWS\system32\wighg.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VM Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.247.15.53
DNS Server Search Order: 24.247.24.53
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
pskelley
2008-09-04, 21:12
Thanks for returning your information, Smitfraudfix found the infection and it also found this:
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
After we clean, in the next C:\rapport.txt, there may be a very large hosts file (items starting with 127.0.0.1) and I do not need to see it. Edit (remove) it from the C:\rapport.txt before you post it.
Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
Post the C:\rapport.txt and a new HJT log.
Thanks
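The report edit requested above can be scripted. This added example (not part of the original posts and not SmitfraudFix's own code) drops the 127.0.0.1 entries from the hosts section of a rapport.txt and lists the SharedTaskScheduler CLSID-to-DLL registrations so that two reports can be compared; the function names are hypothetical, BEFORE is an excerpt of the report posted in this thread, and AFTER is constructed in the shape of a post-clean report.

```python
import re

DIVIDER = re.compile(r"^»{3,}\s*(.*)$")            # section header, e.g. "»»»» hosts"
HOSTS_ENTRY = re.compile(r"^\s*127\.0\.0\.1\s+\S+")  # "items starting with 127.0.0.1"
STS_VALUE = re.compile(r'^"(\{[0-9a-fA-F-]{36}\})"="(.*)"$')
INPROC_KEY = re.compile(r"\\CLSID\\(\{[0-9a-fA-F-]{36}\})\\InProcServer32\]$", re.I)
DEFAULT_VALUE = re.compile(r'^@="(.*)"$')


def redact_hosts(report):
    """Remove 127.0.0.1 lines from the hosts section only.

    Findings such as "hosts file corrupted !" and every other section are
    kept, so the helper still sees what the tool reported.
    Returns (redacted_text, number_of_lines_removed).
    """
    kept, removed, in_hosts = [], 0, False
    for line in report.splitlines():
        m = DIVIDER.match(line)
        if m:
            in_hosts = m.group(1).strip().lower() == "hosts"
        elif in_hosts and HOSTS_ENTRY.match(line):
            removed += 1
            continue
        kept.append(line)
    return "\n".join(kept), removed


def shared_task_scheduler(report):
    """Return {clsid: {"name": ..., "dll": ...}} from the SharedTaskScheduler section."""
    entries, current_clsid, in_sts = {}, None, False
    for raw in report.splitlines():
        line = raw.strip()
        m = DIVIDER.match(line)
        if m:
            # Search mode titles the section "Sharedtaskscheduler"; clean mode
            # uses "SharedTaskScheduler Before/After SmitFraudFix".
            in_sts = "sharedtaskscheduler" in m.group(1).lower()
            current_clsid = None
            continue
        if not in_sts:
            continue
        value = STS_VALUE.match(line)
        default = DEFAULT_VALUE.match(line)
        if value:
            entry = entries.setdefault(value.group(1).lower(), {"name": None, "dll": None})
            entry["name"] = value.group(2)
        elif line.startswith("["):
            key = INPROC_KEY.search(line)
            current_clsid = key.group(1).lower() if key else None
        elif current_clsid and default:
            entry = entries.setdefault(current_clsid, {"name": None, "dll": None})
            entry["dll"] = default.group(1)
    return entries


def cleared_by_clean(before, after):
    """CLSIDs registered in the first report and absent from the second."""
    return sorted(set(shared_task_scheduler(before)) - set(shared_task_scheduler(after)))


# Excerpt of the search-mode report posted in this thread.
BEFORE = r'''SmitFraudFix v2.345
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Applications\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cac60ee7-ebe0-4082-be2a-3abf704b7af0}"="glycosulfatase"
[HKEY_CLASSES_ROOT\CLSID\{cac60ee7-ebe0-4082-be2a-3abf704b7af0}\InProcServer32]
@="C:\WINDOWS\system32\wighg.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
'''

# Constructed sample: the same sections with nothing left to report.
AFTER = r'''SmitFraudFix v2.345
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
'''

if __name__ == "__main__":
    text, removed = redact_hosts(BEFORE)
    print(f"removed {removed} hosts entries")
    print(text)
    print("registered before clean:", shared_task_scheduler(BEFORE))
    print("cleared by clean:", cleared_by_clean(BEFORE, AFTER))
```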
letters4jeff
2008-09-05, 03:29
Here is the report after I deleted the billion and a half 127 files
SmitFraudFix v2.345
Scan done at 20:25:02.20, Thu 09/04/2008
Run from C:\Documents and Settings\Brooke\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brooke
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brooke\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brooke\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VM Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.247.15.53
DNS Server Search Order: 24.247.24.53
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
pskelley
2008-09-05, 13:07
Here is the report after I deleted the billion and a half 127 files
SmitFraudFix v2.345
All you had to do was highlight them all with your mouse and hit the delete key?
You must read the instructions and follow them if we are to continue!
Clean: Reboot your computer in Safe Mode
Scan done at 20:25:02.20, Thu 09/04/2008
Fix run in normal mode
Post the C:\rapport.txt and a new HJT log.
letters4jeff
2008-09-05, 23:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:14, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187272160125
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
End of file - 4474 bytes
letters4jeff
2008-09-05, 23:11
All the 127 files or whatever they are, how can I delete those like you say without deleting the rest of the scan results? Sorry, I'm not good with computers; I'm learning, but if I was I would have this problem maybe. What are all those files? How did they get there? Is that a normal thing? And how can I prevent this whole deal from happening again? I have had Spybot, HijackThis and Rising antivirus and avast for years before this happened; how did it get past all that?
pskelley
2008-09-05, 23:25
Listen up, remote repairs like this are not the easiest thing to do and you are struggling with basic computing directions.
I need the HJT log posted in normal mode and you have posted it in:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:14, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
I need the Smitfraudfix clean function run in Safe Mode and the Hosts file items edited out of the report before you post it.
You will need to get someone with more computer experience to help with this if we are to proceed. As sorry as I feel for you being infected by hackers through no fault of your own, I can not teach computering 101, that is not my "volunteer" job.
Thanks
letters4jeff
2008-09-06, 06:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:09, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187272160125
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
End of file - 5925 bytes
letters4jeff
2008-09-06, 07:11
SmitFraudFix v2.345
Scan done at 0:00:35.29, Sat 09/06/2008
Run from C:\Documents and Settings\Brooke\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Brooke\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brooke
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brooke\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brooke\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
There ya go. Sorry for asking questions, I just wanted some simple info on what this all is and how to prevent it. So I don't have to bother you again, ok
letters4jeff
2008-09-06, 07:33
SmitFraudFix v2.345
Scan done at 0:16:52.65, Sat 09/06/2008
Run from C:\Documents and Settings\Brooke\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F8CE2656-255D-4D88-A7BE-68B2A609D32E}: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.247.15.53 24.247.24.53
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
pskelley
2008-09-06, 16:23
I just wanted some simple info on what this all is and how to prevent it. So I don't have to bother you again, ok
Before we finish I will provide information from malware/security experts that should answer all of your questions, and it is certainly not a bother. Being a volunteer, if it were I would not do it.
In my first instructions, #3 I asked this:
disable TeaTimer and (leave TT disabled until we finish)
In this HJT log: Scan saved at 23:55:09, on 9/5/2008
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Rising\Rav\Ravmon.exe <<< can you assure me this is a valid, safe program?
Remove (delete) Smitfraudfix from your computer.
Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Tell me now how the computer is running, any malware issues?
Thanks
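The check made by eye in the post above (is TeaTimer.exe still listed under the running processes, or in an O4 autostart line, of the HijackThis log?) can be automated. This is an added example, not part of the original post or of any tool named in the thread; the function names are hypothetical and the abridged sample log is built from lines quoted in this thread.

```python
import re

# Abridged sample log, constructed from lines of the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:22, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
--
End of file - 6018 bytes
"""

# HijackThis entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Sections that start a program automatically: O4 (Run keys and Startup
# folders) and O23 (services).
AUTOSTART_CODES = {"O4", "O23"}


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries.

    Works whether or not blank lines separate the sections, because forum
    archives such as this one often strip them.
    """
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif line.startswith("--"):
            in_processes = False  # log trailer
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def still_active(log, image_name):
    """Report whether image_name is running or set to start automatically."""
    needle = image_name.lower()
    running = [p for p in log["processes"]
               if p.lower().endswith("\\" + needle)]
    autostart = [(code, body) for code, body in log["entries"]
                 if code in AUTOSTART_CODES and needle in body.lower()]
    return {
        "running": running,
        "autostart": autostart,
        "disabled": not running and not autostart,
    }


if __name__ == "__main__":
    result = still_active(parse_hjt(SAMPLE_LOG), "TeaTimer.exe")
    for path in result["running"]:
        print("still running:", path)
    for code, body in result["autostart"]:
        print("still autostarts:", code, "-", body)
    print("disabled:", result["disabled"])
```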
letters4jeff
2008-09-06, 19:21
Malwarebytes' Anti-Malware 1.26
Database version: 1119
Windows 5.1.2600 Service Pack 3
9/6/2008 12:17:13 PM
mbam-log-2008-09-06 (12-17-13).txt
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 95941
Time elapsed: 51 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 32
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\x123.x123mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{176d799e-6c8c-4d1a-8024-044d96a035e2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\WinSecureAv (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Config (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase\database (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\PGBase (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\plugins (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\LA (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\120237 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Temp\NI.UGA6P_0001_N122M2802 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{7AAF2E54-26E2-4CF4-ACD7-01709D1A0B68}\RP95\A0029162.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\al.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\unins000.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Config\pgs.xml (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\Activate.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\BkSites.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\bnlink.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\cd.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\incmp.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\index.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\pv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase\vbpv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase\database\enemies.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\PGBase\vbpv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\plugins\vbpv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\cross.gif (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\ga6p.gif (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\kb.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\Online.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\rm.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\Support.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\LA\lapv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\LA\License.rtf (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\ASupdater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\PGupdater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\UBupdater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\up.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\updater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
letters4jeff
2008-09-06, 19:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:22, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Rhapsody\rhapsody.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187272160125
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
End of file - 6018 bytes
letters4jeff
2008-09-06, 19:30
That malware scan found 50 infected objects! I think things should be OK now; I am going to restart and see. This is only a temporary computer I am borrowing from my parents because the graphics card went out on mine, but this one they bought at an employee sale at the local hospital my dad works at, so had no idea about the history of it, and their teenage granddaughter downloads things with it, so hopefully things are good now. About the Rising antivirus program I use: it's a Chinese program that I had installed way before all this happened. It's highly recommended on a lot of sites, like PC World and a few other sites. It's worked great so far, better than avast, which I also use. But any recommendations you have I am willing to try. Thanks
pskelley
2008-09-06, 19:36
OK, and I give up asking you to disable TeaTimer. :sad:
Clean infected System Restore files:
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
letters4jeff
2008-09-06, 19:46
I thought I disabled TeaTimer a long time ago, so I had no idea it was still on, but I still have problems. When I restart I get a balloon message that says "your computer is at risk, no firewall turned on". It looks fake, not a Windows program. Also, if I try to search using the Mozilla Firefox toolbar (Google) it says "failed to connect" and the URL is internetsearchservice. Anyway, I have been so busy the last few days and I have to leave for a wedding I'm in soon. I will have to work on it more tomorrow. I will disable TeaTimer again; I don't know what that even does. Thanks for your patience.
pskelley
2008-09-06, 19:58
I have had problems getting you to follow directions from the beginning; you never bothered reading them before you posted to start with. When you are ready to follow directions and have the time to work on this cleanup, then follow these directions, but not before. There are other folks waiting for help.
1) Follow these directions if you have no other firewall running on the computer.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
2) We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)
3) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Remove any old copies of combofix before you proceed.
Thanks to sUBs and anyone else who helped with this fix.
It is important that it is saved directly to your Desktop.
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Post the combofix log and a new HJT log.
letters4jeff
2008-09-06, 20:16
I turned off TeaTimer just like you said (I did it early on like you said too), but then I rebooted and checked it again to see if it was still on, and it was on again, so I turned it off again and it should still be off. As for ComboFix, I have never downloaded or used it at all, so it should not be on this computer (unless you saw it on a logfile and I don't know it). I will have to do the rest tomorrow. Sorry I've been keeping you so busy, and I appreciate your time.
letters4jeff
2008-09-09, 03:34
ComboFix 08-09-05.09 - Brooke 2008-09-08 20:20:25.1 - NTFSx86
Running from: C:\Documents and Settings\Brooke\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\url(3).dll
.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.
2008-09-06 11:14 . 2008-09-06 11:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 11:14 . 2008-09-06 11:14 <DIR> d-------- C:\Documents and Settings\Brooke\Application Data\Malwarebytes
2008-09-06 11:14 . 2008-09-06 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 11:14 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 11:14 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 15:31 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-05 15:31 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-05 15:31 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-04 13:08 . 2008-09-06 00:17 676 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-30 14:28 . 2008-08-30 14:41 <DIR> d-------- C:\Program Files\Security Task Manager
2008-08-30 14:28 . 2008-08-30 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-30 13:57 . 2008-08-30 15:33 <DIR> d-------- C:\Program Files\BHODemon 2
2008-08-29 20:41 . 2008-08-29 20:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 18:00 . 2008-08-29 18:00 <DIR> d-------- C:\Program Files\ToniArts
2008-08-29 15:34 . 2008-08-29 15:34 <DIR> d--h----- C:\Documents and Settings\Brooke\Application Data\yahoo!
2008-08-29 01:07 . 2008-08-29 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-29 00:58 . 2008-08-29 11:29 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-27 14:21 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-27 13:59 . 2008-08-27 13:59 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-27 13:59 . 2008-08-27 13:59 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-27 13:59 . 2008-08-27 13:59 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-27 13:59 . 2008-08-27 13:59 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 18:54 . 2008-08-26 18:56 <DIR> d-------- C:\Program Files\Musicmatch
2008-08-26 18:54 . 2008-08-26 18:54 <DIR> d-------- C:\Documents and Settings\Brooke\Application Data\Musicmatch
2008-08-26 18:48 . 2008-08-26 18:48 <DIR> d-------- C:\Program Files\Thomson
2008-08-26 15:53 . 2008-08-30 15:44 <DIR> d-------- C:\Documents and Settings\Brooke\Application Data\LimeWire
2008-08-26 12:57 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-26 12:56 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-26 12:56 . 2008-04-13 20:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-08-26 12:56 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-26 12:55 . 2008-04-13 20:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-08-26 12:55 . 2008-04-13 20:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-08-26 12:55 . 2008-04-13 20:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-08-26 12:55 . 2008-04-13 20:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-08-26 12:55 . 2008-04-13 20:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-08-26 12:55 . 2008-04-13 20:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-08-26 12:54 . 2008-04-13 20:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-26 12:54 . 2008-04-13 20:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-08-26 12:54 . 2008-04-13 20:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-08-26 12:54 . 2008-04-13 20:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-08-26 12:54 . 2008-04-13 13:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-26 12:54 . 2008-04-13 14:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-08-26 12:54 . 2008-04-13 20:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-08-26 12:53 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-26 12:53 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 12:53 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 12:53 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 12:53 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 12:52 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 12:52 . 2008-04-13 20:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-08-26 12:52 . 2008-04-13 20:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-08-26 12:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 12:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 12:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 12:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 12:52 . 2007-06-21 01:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-08-26 12:51 . 2008-04-13 20:11 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll
2008-08-26 12:51 . 2008-04-13 20:11 180,224 --------- C:\WINDOWS\system32\eapphost.dll
2008-08-26 12:51 . 2008-04-13 12:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-08-26 12:51 . 2008-04-13 20:11 126,976 --------- C:\WINDOWS\system32\eappcfg.dll
2008-08-26 12:51 . 2008-04-13 20:11 94,208 --------- C:\WINDOWS\system32\eappgnui.dll
2008-08-26 12:51 . 2008-04-13 20:11 59,392 --------- C:\WINDOWS\system32\eapqec.dll
2008-08-26 12:51 . 2008-04-13 20:11 40,960 --------- C:\WINDOWS\system32\eappprxy.dll
2008-08-26 12:51 . 2008-04-13 20:11 33,792 --------- C:\WINDOWS\system32\eapsvc.dll
2008-08-26 12:51 . 2008-04-13 20:11 30,720 --------- C:\WINDOWS\system32\eapolqec.dll
2008-08-25 12:55 . 2008-08-25 12:55 <DIR> d-------- C:\Documents and Settings\Brooke\dwhelper
2008-08-24 20:27 . 2008-08-24 20:27 <DIR> d-------- C:\Program Files\FDRLab
2008-08-24 20:27 . 2008-08-24 20:27 <DIR> d-------- C:\Documents and Settings\Brooke\Application Data\FDRLab
2008-08-19 16:34 . 2008-08-19 16:34 <DIR> d-------- C:\WINDOWS\Sun
2008-08-19 12:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-19 12:53 . 2008-08-19 12:55 <DIR> d-------- C:\Program Files\Java
2008-08-19 12:52 . 2008-08-19 12:52 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-13 15:25 . 2005-08-16 12:23 38,422 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-08-13 15:24 . 2008-08-13 15:25 <DIR> d-------- C:\Program Files\Creative
2008-08-12 19:08 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 19:07 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 23:19 . 2008-09-05 22:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-10 23:19 . 2008-08-10 23:19 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 18:44 --------- d-----w C:\Program Files\Picasa2
2008-08-29 22:19 --------- d-----w C:\Program Files\TomTom HOME
2008-08-29 22:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 16:31 --------- d-----w C:\Documents and Settings\Brooke\Application Data\U3
2008-08-27 14:04 164,976 ----a-w C:\WINDOWS\system32\drivers\HookSys.sys
2008-08-25 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 16:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-07 15:31 --------- d-----w C:\Documents and Settings\Brooke\Application Data\Corel
2008-08-07 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-06 17:03 10,736 ----a-w C:\WINDOWS\system32\drivers\RsNTGdi.sys
2008-08-06 17:02 62,576 ----a-w C:\WINDOWS\system32\drivers\HookNtos.sys
2008-08-06 17:02 38,256 ----a-w C:\WINDOWS\system32\drivers\HOOKREG.sys
2008-08-06 17:02 30,704 ----a-w C:\WINDOWS\system32\drivers\HookHelp.sys
2008-08-06 17:02 13,808 ----a-w C:\WINDOWS\system32\drivers\HookCont.sys
2008-08-05 15:48 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-05 15:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 15:48 --------- d-----w C:\Program Files\Belkin
2008-08-01 22:00 --------- d-----w C:\Program Files\Pure Networks
2008-08-01 22:00 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-01 21:58 --------- d-----w C:\Documents and Settings\Brooke\Application Data\AOL
2008-08-01 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-01 21:19 --------- d-----w C:\Program Files\Common Files\aolback
2008-08-01 21:17 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-08-01 21:17 --------- d-----w C:\Documents and Settings\Brooke\Application Data\You've Got Pictures Screensaver
2008-08-01 21:16 --------- d-----w C:\Program Files\QuickTime
2008-08-01 21:15 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-08-01 21:15 --------- d-----w C:\Program Files\Common Files\Real
2008-08-01 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-08-01 21:14 --------- d-----w C:\Program Files\Real
2008-08-01 21:13 --------- d-----w C:\Program Files\Viewpoint
2008-08-01 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-01 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-07-26 16:37 --------- d-----w C:\Documents and Settings\Brooke\Application Data\HP
2008-07-26 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-07-26 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-26 16:29 --------- d-----w C:\Program Files\HP
2008-07-20 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-07-20 06:38 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-07-20 06:36 --------- d-----w C:\Program Files\Logitech
2008-07-20 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-20 06:35 --------- d-----w C:\Program Files\Labtec
2008-07-19 21:37 88 --sh--r C:\Documents and Settings\All Users\Application Data\FA785541EB.sys
2008-07-19 21:37 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2003-06-25 20:05 266,360 ----a-r C:\Program Files\TweakUI.exe
2007-08-16 16:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RavTask"="C:\Program Files\Rising\Rav\RavTask.exe" [2008-08-06 211568]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-08-01 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-01 98304]
C:\Documents and Settings\Brooke\Start Menu\Programs\Startup\
BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe [2005-02-12 778240]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "C:\WINDOWS\system32\RavExt.dll" [2008-08-06 113264]
[HKLM\~\startupfolder\C:^Documents and Settings^Brooke^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Brooke\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2005-06-15 08:56 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-06-15 08:56 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-05-15 17:34 3975848 C:\Program Files\TomTom HOME\TomTomHOME.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Rhapsody\\rhapsody.exe"=
R0 RsNTGDI;RsNTGDI;C:\WINDOWS\system32\Drivers\RsNTGdi.sys [2008-08-06 10736]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 HookCont;HookCont;C:\WINDOWS\system32\drivers\HookCont.sys [2008-08-06 13808]
R1 HookNtos;HookNtos;C:\WINDOWS\system32\drivers\HookNtos.sys [2008-08-06 62576]
R1 HookReg;HookReg;C:\WINDOWS\system32\drivers\HookReg.sys [2008-08-06 38256]
R1 HookSys;HookSys;C:\WINDOWS\system32\drivers\HookSys.sys [2008-08-27 164976]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 RsCCenter;Rising Process Communication Center;C:\Program Files\Rising\Rav\CCenter.exe [2008-08-06 162416]
S2 RsRavMon;Rising RealTime Monitor;C:\PROGRAM FILES\RISING\RAV\Ravmond.exe [2008-08-06 395888]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 20704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae15fa43-4bd7-11dc-8a83-806d6172696f}]
\Shell\AutoRun\command - D:\OSDRUN.EXE /w2kPlus /ShowError OSDICW.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c683a04e-b32d-11dc-a1a0-0008021b644e}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\b6n8fd6y.default\
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 20:26:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-08 20:30:33
ComboFix-quarantined-files.txt 2008-09-09 00:30:21
Pre-Run: 7,074,246,656 bytes free
Post-Run: 7,065,399,296 bytes free
219 --- E O F --- 2008-08-29 05:51:52
letters4jeff
2008-09-09, 03:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:57, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187272160125
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
--
End of file - 5670 bytes
pskelley
2008-09-09, 13:29
If you are having any malware issues, please describe them. If you receive any error messages from Windows, post those word for word, exactly as you receive them.
Thanks
letters4jeff
2008-09-09, 19:12
The only problems I am having now/still, which are really just annoying more than affecting computer performance, is that when I turn on my computer and the startup items are loading, a window pops up in the bottom right corner that says "your computer is at risk,no firewall has been detected, click this window to fix this problem". There is a red shield similar to the one Windows uses, but it looks fake, like a cheap replica. You click on it and it opens IE but never opens any websites, just tries to load one. I have my Windows firewall on and up to date, always have. Even after that message appears you can go to the Windows Security Center and see that the firewall and all related settings are enabled. The only other problem is on the Mozilla Firefox home page: in the toolbars in the top right corner you have a search bar where you type in whatever you want to search for, and there is an icon of a magnifying glass there you click on to start a search. Well, when you try to use that, a normal-looking page comes up that says failed to connect, Firefox cannot establish a connection to "internetsearchservice.com". Also I have an add-on to Firefox called WOT; it warns you of dangerous sites before you click on them, and so when I try to use that search bar in the top right corner a bar comes up from WOT that states this site is dangerous and gives me the red warning dot. Now if I search by clicking on the home icon in Firefox and getting back to the start page with the large Google search function in the middle, I can use it just fine. I have tried finding that "internetsearchservice" all over my computer to try and delete or disable it, but I can't find where it's hiding; it's not listed as a BHO anywhere I can see, and no antivirus, malware program has found it yet. Hope that helps, that's about as good as I can describe it. What do all those log reports show? Anything that's not supposed to be there? Or do they all look OK now? Better than they were?
pskelley
2008-09-09, 19:22
Thanks, let's start looking for what is causing it.
1) Open HijackThis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files.
* Once the files have been downloaded, click on NEXT.
* Now click on Scan Settings.
* In the scan settings, make sure that the following are selected:
  * Scan using the following Anti-Virus database:
    * Standard
  * Scan Options:
    * Scan Archives
    * Scan Mail Bases
* Click OK.
* Now under select a target to scan:
  * Select My Computer
* The program will start and scan your system.
* The scan will take a while, so be patient and let it run.
* Once the scan is complete, it will display if your system has been infected.
* Now click on the Save as Text button.
* Save the file to your desktop.
Then post it here.
Thanks
letters4jeff
2008-09-09, 19:33
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8
AnyTV Free 2.21
avast! Antivirus
Belkin 54g USB Network Adapter
BHODemon 2.0.0.22
EasyCleaner
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 7
Labtec Legacy USB Camera Driver Package
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Video Enumerator
Lyra Jukebox Applications
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.1)
MP3 Player Recovery Tool
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
MVision
Picasa 2
QuickTime
RealPlayer Basic
Rhapsody
Rhapsody Player Engine
Rhapsody Player Engine
Rising Antivirus
Security Task Manager 1.7f
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
TomTom HOME
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Media Player
Windows Communication Foundation
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
letters4jeff
2008-09-10, 01:28
Well, I just got back online, sorry; somehow I could not connect to the internet, my LAN connection was disabled. So while trying to figure that out I thought I had some serious problems with my browser (Firefox), so I uninstalled it, and after reconfiguring the LAN I re-downloaded it. That must have helped, because I have no more "internetsearchservice" in the search bar and I can use it like I should be able to. So it seems like everything is OK now and back to normal. Thank you for your help! Is there anything else I should do? Think I should run that Kaspersky scan yet? Anything else?
pskelley
2008-09-10, 02:10
Thanks for the feedback. It's possible something infected the Firefox browser; did you try Internet Explorer to see if it had the same issues? Sounds like something got plugged into Firefox and it was removed when you uninstalled.
I would like you to update MBAM and run a new scan, post the results.
Post any comments you think will help.
Thanks
letters4jeff
2008-09-10, 02:21
Yes, after uninstalling Firefox I used IE to reinstall it; it had the same problems as Firefox did before I uninstalled it. Reinstalled Firefox and updated IE to the new IE beta 8, and all is good now.
letters4jeff
2008-09-10, 02:22
Was that the Malwarebytes program? Do that in normal mode or safe mode? Normal, right?
letters4jeff
2008-09-10, 03:13
Thought I was OK, but it found 295 infected things! Wow. Deleted what I could, quarantined the rest and then deleted that. Here is the logfile; yeah, I forgot to update it, so I will run it again, see if anything new came up.
logfile
Malwarebytes' Anti-Malware 1.26
Database version: 1119
Windows 5.1.2600 Service Pack 3
9/9/2008 8:05:38 PM
mbam-log-2008-09-09 (20-05-38).txt
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 88100
Time elapsed: 40 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 282
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\RadioPlayer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\rss (Adware.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Live_TV\tbLive.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\toolbar.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\UNWISE.EXE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\LanguagePack.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\LocalSettings.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\ThirdPartyComponents.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\update.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1625234486_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1627867298_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1627928611_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1628006626_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1628068220_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1637862829_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1741325594_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_177267687_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1781662891_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1782898782_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1813859063_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_1860419735_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2013509328_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2013533531_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2013556140_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2013616343_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2013643968_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2013659187_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2081753890_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2081820218_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2081917312_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2081936421_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2081956062_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2439924610_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2464261875_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2466903938_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2984787547_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_2984799422_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3119843110_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3153796968_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3153977500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3154062578_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3154204218_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3154310250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3154423187_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3154480734_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3154577718_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3154625234_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3311231578_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3502134688_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_3505625313_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_358895313_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633206811540250000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633206821795250000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633211004690737500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633211996783250000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633224679115762500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633224682944825000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633243763802337500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633245535392631250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633245576226068750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633247907027431250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633255875773387500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323304820925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323304996393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323305088425000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633323305474518750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633334172008068750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633334897125850000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633341279781868750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365890420725000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365891331506250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365896714631250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365897883537500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365900240568750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365902178381250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365903619943750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365904842287500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365905858537500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365906769475000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365911141037500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365913363381250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365917218381250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365919615412500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633365928237131250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633403616553356250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633463264160275000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633498481825000000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633511392633125000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563699265800000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563700066112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563701041737500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563701379393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563702342050000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563703174862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563703982050000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563704387831250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563705109081250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563705426268750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563706423925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563706733143750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563707318300000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563707714237500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563707991268750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563708531893750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633563709177987500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564427931425000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564458384706250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564458899862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564459272987500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564459762050000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564459964706250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564460218925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564460536112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564460745487500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564461001893750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564461335175000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564461536425000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564462021268750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564466146581250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564466438143750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564466879862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564467082675000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564467327675000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564467601112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564468826112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564469089393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564472708925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564472903768750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564473119550000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564473639862500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564473838612500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564474599393750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564475013925000_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564475250643750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564475538143750_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564477356112500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564477554081250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564477956581250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564478190487500_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brooke\Local Settings\Application Data\Live_TV\CacheIcons\http___storage_conduit_com_65_64_CT649865_Images_633564478437206250_gif.gif (Adware.Agent) -> Quarantined and deleted successfully.
pskelley
2008-09-10, 03:19
Please turn off Word Wrap under Format in Notepad.
Make sure you have the latest updates for MBAM, then restart the computer in Safe Mode when the junk will not be running.
http://spyware-free.us/tutorials/safemode/
When you get to Safe Mode, run MBAM again and post the log.
Thanks
pskelley
2008-09-17, 03:50
When you get to Safe Mode, run MBAM again and post the log.
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.