
hijack this


  • This topic is locked
14 replies to this topic

#1 wreckless

wreckless

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:30 AM

Posted 29 March 2009 - 02:34 AM

Hi, when I go on my eBay account it says I am watching items; when I delete them, others or the same come back up when I click off watching.
I would like someone to look at my HijackThis file to see if there is anything on my PC I need to remove, please.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:19:09, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Documents and Settings\Main\Desktop\pc service\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622335546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622322406
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://argus.sunderland.ac.uk/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://131.111.48.34/activex/AMC.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7212 bytes



#2 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE

Posted 29 March 2009 - 04:03 AM

I have moved your Topic that included a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.

We understand that dealing with malware issues and getting help can be frustrating but improperly posting a log usually happens if you missed the directions we provide to those who require malware removal assistance. Prior to posting a log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system.

Please complete all the steps in the Guide. If you can't perform a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Prep Guide to post a new log.

Please DO NOT post any more logs to this topic, or post a log again in the wrong forum.

The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for.

When your new DDS/HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Thanks for your cooperation and good luck.
The BC Staff

#3 wreckless

wreckless
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE

Posted 29 March 2009 - 04:54 AM

have moved your Topic that included a HijackThis log here

Where is here?
Can you please let me know the link?

#4 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE

Posted 29 March 2009 - 06:14 AM

It is here in this thread wreckless, post #1 :thumbup2:

#5 wreckless

wreckless
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:30 AM

Posted 29 March 2009 - 04:19 PM

I have run some more tests using Malwarebytes and RSIT.
Here are the results.

Here is the information you requested, I hope this is not too much.

Thank you for the help.

Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 3

29/03/2009 20:26:00
mbam-log-2009-03-29 (20-26-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 352279
Time elapsed: 50 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 187

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\SpywareStop\SpyCleaner.dll (Rogue.SpyCleaner) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Main\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Registry Backups (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SpywareStop\SpyCleaner.dll (Rogue.SpyCleaner) -> Delete on reboot.
C:\WINDOWS\sovowuyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\howiduga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\waseyibe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\devoresi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\vatimete.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\wobebupi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\wolayuga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\yirepoje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pozayeda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Log\log_2007_06_27_19_04_51.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Settings\CustomScan.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Settings\IgnoreList.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Settings\ScanInfo.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Settings\ScanResults.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Settings\SelectedFolders.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\AdwareAlert\Settings\Settings.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\sporder.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Results.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 01 - 05_45_27 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 01 - 10_49_30 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 02 - 03_58_16 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 02 - 10_11_25 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 03 - 08_24_59 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 03 - 08_56_55 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 03 - 09_16_45 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 04 - 09_35_40 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 04 - 11_15_33 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 04 - 11_57_28 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 05 - 11_20_50 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 06 - 07_22_41 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 06 - 10_25_32 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 06 - 11_57_46 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 07 - 03_54_04 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 07 - 11_15_25 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 08 - 03_35_30 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 08 - 06_12_04 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 10 - 08_18_44 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 11 - 09_04_44 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 11 - 11_36_42 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 12 - 05_32_36 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 12 - 09_30_25 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 13 - 06_18_13 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 13 - 06_48_53 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 14 - 04_47_08 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 15 - 08_22_40 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 15 - 12_37_46 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 16 - 07_00_18 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 16 - 07_35_16 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 17 - 01_57_46 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 17 - 11_24_08 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 18 - 03_04_57 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 18 - 07_54_34 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 19 - 04_09_52 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 20 - 02_12_28 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 20 - 04_51_35 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 21 - 02_17_43 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 21 - 07_47_44 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 21 - 08_02_54 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 22 - 01_56_39 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 22 - 07_01_10 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 23 - 02_45_12 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 23 - 07_53_52 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 23 - 08_53_25 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 24 - 07_43_54 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 24 - 10_28_50 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 24 - 11_11_59 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Aug 25 - 09_06_08 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 01 - 07_05_07 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 01 - 07_31_19 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 01 - 08_10_09 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 01 - 08_12_55 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 01 - 08_24_44 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 01 - 09_55_43 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 01 - 12_10_47 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 02 - 01_43_20 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 02 - 06_47_46 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 02 - 09_45_15 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 02 - 12_14_48 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 04 - 06_07_56 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 04 - 07_48_21 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 04 - 08_43_40 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 05 - 04_52_50 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 05 - 06_05_25 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 06 - 01_59_30 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 06 - 03_13_10 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 06 - 08_39_57 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 06 - 11_40_59 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 07 - 04_34_08 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 07 - 04_54_45 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 07 - 11_06_25 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 08 - 04_05_56 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 09 - 04_05_35 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 09 - 04_46_22 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 09 - 08_30_39 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 10 - 03_49_05 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 11 - 01_04_50 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 11 - 08_10_01 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 11 - 08_26_36 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 12 - 05_44_44 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 12 - 09_29_59 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 01_03_41 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 01_20_08 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 02_59_22 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 06_11_28 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 07_27_33 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 09_52_08 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 12_15_33 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 12_19_44 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 13 - 12_39_54 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 14 - 03_09_54 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 14 - 03_31_53 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 14 - 09_21_09 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 14 - 09_41_37 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 15 - 01_35_55 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 15 - 05_37_05 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 20 - 02_57_44 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 20 - 04_14_28 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 20 - 09_09_49 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 21 - 06_48_30 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 21 - 07_36_02 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 22 - 07_44_57 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 23 - 03_20_22 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 23 - 08_38_06 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 24 - 03_05_26 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 24 - 10_01_46 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 25 - 01_37_07 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 25 - 08_14_02 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 25 - 08_17_28 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 27 - 07_36_33 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 27 - 07_41_02 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 28 - 08_36_21 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 28 - 09_10_02 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 29 - 05_39_43 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jul 29 - 09_09_38 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jun 27 - 06_55_57 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jun 27 - 06_55_58 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jun 27 - 07_10_17 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jun 27 - 10_05_11 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jun 28 - 05_57_46 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Jun 30 - 07_47_26 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Nov 28 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Nov 30 - 03_30_00 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 03 - 06_16_58 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 04 - 08_41_27 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 04 - 09_40_36 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 05 - 05_43_17 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 05 - 05_45_39 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 05 - 05_48_53 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 05 - 10_02_58 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 06 - 05_39_11 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 06 - 07_32_03 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 06 - 08_58_50 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 06 - 11_32_43 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 07 - 07_35_19 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 07 - 07_52_45 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 08 - 04_47_56 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 08 - 10_17_52 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 09 - 04_46_29 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 09 - 09_44_12 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 13 - 09_45_05 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 14 - 02_37_40 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 14 - 07_02_39 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 14 - 07_57_41 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 14 - 11_15_55 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 15 - 06_02_16 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 15 - 07_01_23 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 15 - 09_26_43 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 15 - 11_44_06 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 16 - 04_44_52 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 16 - 09_32_26 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 16 - 10_17_35 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 17 - 02_41_02 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 17 - 09_32_30 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 18 - 03_23_19 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 18 - 10_04_37 PM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 18 - 10_34_43 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 19 - 07_44_54 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 19 - 09_16_33 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Log\2007 Sep 19 - 11_55_44 AM.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Registry Backups\2007-06-27_18-58-51.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main\Application Data\ErrorKiller\Registry Backups\2007-06-27_19-03-24.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\burnstown_dam.zip (Worm.Archive) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:08, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622335546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622322406
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://argus.sunderland.ac.uk/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://131.111.48.34/activex/AMC.cab
O20 - AppInit_DLLs:
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 6554 bytes



info.txt logfile of random's system information tool 1.06 2009-03-29 20:42:23

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
-->MsiExec /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D066C0E0-A915-11D5-B078-00C0F6A04C3E}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Merry Christmas Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\3D Merry Christmas Screensaver\unins000.exe"
3D Wild Dolphin Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\3D Wild Dolphin Screensaver\unins000.exe"
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Astro Gemini Screensaver Manager 1.2-->"C:\Program Files\Astro Gemini Software\Screensaver Manager\unins000.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Atlantis 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Atlantis 3D Screensaver\unins000.exe"
Aviary Manager V3.01 for Windows-->C:\AMWIN3\UNINSTAL.EXE C:\AMWIN3\UNINSTAL.LOG
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Championship Manager Player Wizard-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Championship Manager Player Wizard\ST5UNST.LOG"
Christmas Eve 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Christmas Eve 3D Screensaver\unins000.exe"
Christmas Time 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Christmas Time 3D Screensaver\unins000.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Eye of the Storm Screen Saver version 2.3-->"C:\Program Files\Eye of the Storm Screen Saver\unins000.exe"
F1 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EA SPORTS\F1 2000\uninst.log"
F1 Manager-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EA SPORTS\F1 Manager\Uninst.isu"
Fish Aquarium 3D Screensaver 1.2-->"C:\Program Files\Astro Gemini Software\Fish Aquarium 3D Screensaver\unins000.exe"
Folder Lock-->C:\Program Files\Folder Lock\Uninstall.exe
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Grand Prix 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4961DB6-A3F3-11D3-BE67-0000B4A81FC5}\setup.exe"
Grand Prix 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Infogrames\Grand Prix 4\setup.exe"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
IL-2 Sturmovik-->C:\WINDOWS\UbiSoft\SetupUbi.exe -uninstall IL-2 Sturmovik
Image Icon Converter 1.3-->"C:\Program Files\Image Icon Converter\unins000.exe"
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jasc Animation Shop 3 20041030_07 Help file Patch-->C:\Program Files\Jasc Software Inc\Animation Shop 3\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\ANIMAT~1\INSTALL.LOG
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro 9.01 - (9.0.1.1)-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9.01 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JRAID-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 2.83 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lock On: Modern Air Combat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}\setup.exe" -l0x9
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Gaming Software 5.01-->MsiExec.exe /X{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia FlashPaper 2-->MsiExec.exe /X{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}
Macromedia FreeHand 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marine Life 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Marine Life 3D Screensaver\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Combat Flight Simulator 3.0-->"C:\Program Files\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
nLite 1.4.8-->"C:\Program Files\nLite\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.07.18-->MsiExec.exe /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
Pacific Fighters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E149E957-F289-45E3-8645-1794A173F5AB} /l1033
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Pirate Ship 3D Screensaver 1.2-->"C:\Program Files\Astro Gemini Software\Pirate Ship 3D Screensaver\unins000.exe"
Planet Earth 3D Screensaver 1.1-->"C:\Program Files\Astro Gemini Software\Planet Earth 3D Screensaver\unins000.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime-->MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Red Alert Windows 95-->C:\WINDOWS\RAUNINST.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\REDALERT\DeIsL1.isu
RegCure 1.5.0.0-->C:\Program Files\RegCure\uninst.exe
Sea Storm 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Sea Storm 3D Screensaver\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sky Anytime-->MsiExec.exe /X{DD30C2FD-F485-46A8-8153-88EC2650BC79}
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Solar System 3D Screensaver 1.4-->"C:\Program Files\Astro Gemini Software\Solar System 3D Screensaver\unins000.exe"
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpywareStop-->MsiExec.exe /X{CF8D6F40-FCDD-45AD-925F-9340BCFC5C99}
Star Wars Battlefront-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C79CB9C7-10A4-4814-8402-F574672C2192}\Setup.exe" -l0x9
SUPER © Version 2007.bld.21 (Jan 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SWiSH v2.0-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH v2.0\uninstal.log
SWiSHmax-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
The Settlers III Gold Edition-->C:\WINDOWS\IsUninst.exe -fC:\BlueByte\Settlers3\Uninst.isu -x -c"C:\BlueByte\Settlers3\install\itools.dll"
The Settlers IV-->C:\WINDOWS\IsUninst.exe -f"C:\BlueByte\The Settlers IV\uninst.isu" -c"C:\BlueByte\The Settlers IV\BBINST.DLL"
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Westwood Chat-->C:\WESTWOOD\PLANETWW\UNINSTWC.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\PLANETWW\DeIsL1.isu
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast® Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Winter 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Winter 3D Screensaver\unins000.exe"
Winter Night 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Winter Night 3D Screensaver\unins000.exe"
Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

======Security center information======

AV: COMODO Antivirus
FW: COMODO Firewall

======System event log======

Computer Name: MAIN-R435BY1H2J
Event Code: 8003
Message: The master browser has received a server announcement from the computer MALS-34ZWTK4GYY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9BE1EA1-7E2.
The master browser is stopping or an election is being forced.

Record Number: 20833
Source Name: MRxSmb
Time Written: 20090213121204.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 8003
Message: The master browser has received a server announcement from the computer MALS-34ZWTK4GYY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9BE1EA1-7E2.
The master browser is stopping or an election is being forced.

Record Number: 20832
Source Name: MRxSmb
Time Written: 20090213104457.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 8003
Message: The master browser has received a server announcement from the computer MALS-34ZWTK4GYY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9BE1EA1-7E2.
The master browser is stopping or an election is being forced.

Record Number: 20768
Source Name: MRxSmb
Time Written: 20090211190512.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 8003
Message: The master browser has received a server announcement from the computer MALS-34ZWTK4GYY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9BE1EA1-7E2.
The master browser is stopping or an election is being forced.

Record Number: 20720
Source Name: MRxSmb
Time Written: 20090209212313.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 8003
Message: The master browser has received a server announcement from the computer MALS-34ZWTK4GYY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9BE1EA1-7E2.
The master browser is stopping or an election is being forced.

Record Number: 20702
Source Name: MRxSmb
Time Written: 20090209164548.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: MAIN-R435BY1H2J
Event Code: 1000
Message: Faulting application nero.exe, version 7.0.0.0, faulting module bcgcbpro730.dll, version 7.30.0.0, fault address 0x0011d51b.

Record Number: 26
Source Name: Application Error
Time Written: 20090324051844.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 1000
Message: Faulting application nero.exe, version 7.0.0.0, faulting module bcgcbpro730.dll, version 7.30.0.0, fault address 0x0011d51b.

Record Number: 21
Source Name: Application Error
Time Written: 20090324051659.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 1000
Message: Faulting application nero.exe, version 7.0.0.0, faulting module bcgcbpro730.dll, version 7.30.0.0, fault address 0x0011d51b.

Record Number: 20
Source Name: Application Error
Time Written: 20090324051618.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 1000
Message: Faulting application nero.exe, version 7.0.0.0, faulting module bcgcbpro730.dll, version 7.30.0.0, fault address 0x0011d51b.

Record Number: 19
Source Name: Application Error
Time Written: 20090324051459.000000+000
Event Type: error
User:

Computer Name: MAIN-R435BY1H2J
Event Code: 1517
Message: Windows saved user MAIN-R435BY1H2J\Main registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9
Source Name: Userenv
Time Written: 20090323010543.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\ColdFusion8\verity\k2\_nti40\bin;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\COSIDS;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 29 March 2009 - 05:21 PM

Hello wreckless,

It would have been better if you had done what was asked of you and posted a new topic.

I have to wonder....did you really install all these rogue/fake programs yourself? :thumbup2: Even with all that MBAM removed you still show a rogue running.

Via Add/Remove Programs, please locate and uninstall SpywareStop. Reboot your computer afterward.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O20 - AppInit_DLLs:
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folder(s) (if they exist):

C:\Program Files\SpywareStop

Reboot your computer.

You had some Vundo showing in your MBAM log, and I'd like to look deeper and be sure there is nothing left of it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
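Added example, not part of teacup61's reply and not HijackThis code: a small parser for the HijackThis line format shown in this thread that lists the same kinds of entries the reply asks to check (blank R0/R1 values, a blank O20 AppInit_DLLs value, an autostart name on a watchlist, and anything marked "(file missing)"). The function names and the watchlist are assumptions; the sample lines are copied from the log posted in this thread, and the output is a review list, not a removal list.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O20 - AppInit_DLLs:
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [Name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Autostart value name inside square brackets on O4 lines.
NAME_RE = re.compile(r"\[([^\]]+)\]")
FILE_MISSING = "(file missing)"


def registry_value(body):
    """Return the value of an R0/R1 line, "" if it is blank, None if unparsable."""
    _key, sep, value = body.partition(" = ")
    if sep:
        return value.strip()
    # A blank value leaves the line ending in a bare "=" once whitespace is stripped.
    return "" if body.rstrip().endswith("=") else None


def triage(log_text, watchlist):
    """Return (reason, line) pairs for entries worth a reviewer's attention.

    watchlist is an analyst-supplied set of autostart names (hypothetical
    parameter); matching is case-insensitive.
    """
    wanted = {name.lower() for name in watchlist}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()

        if code in ("R0", "R1") and registry_value(body) == "":
            findings.append(("empty-value", line))
        elif code == "O20" and body.partition(":")[2].strip() == "":
            findings.append(("empty-value", line))
        elif code == "O4":
            name = NAME_RE.search(body)
            if name and name.group(1).lower() in wanted:
                findings.append(("watchlist", line))

        # HijackThis appends this marker when the referenced file is absent.
        if body.endswith(FILE_MISSING):
            findings.append(("file-missing", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, {"SpywareStop"}):
        print(f"{reason:13} {line}")
```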

#7 wreckless

wreckless
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:30 AM

Posted 29 March 2009 - 06:04 PM

I tried to post as new topic but it says I do not have permission to post new topic
I purchased spywarestop from here <hxxp://spywarestop.com/?hop=regfix07> I feel a fool as I have paid for life membership :angry:
it always seemed ok until now it found many trojans, I suppose you live and learn by your mistakes

here is the information you requested

ComboFix 09-03-29.02 - Main 2009-03-29 23:44:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1598 [GMT 1:00]
Running from: c:\documents and settings\Main\My Documents\Safty pc progs\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 20:42 . 2009-03-29 20:42 <DIR> d-------- C:\rsit
2009-03-29 20:27 . 2009-03-29 20:27 61,440 --a------ c:\windows\system32\drivers\ooby.sys
2009-03-29 18:41 . 2009-03-29 18:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 18:41 . 2009-03-29 18:41 <DIR> d-------- c:\documents and settings\Main\Application Data\Malwarebytes
2009-03-29 18:41 . 2009-03-29 18:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-29 18:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 18:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 18:38 . 2009-03-29 18:38 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-29 11:08 . 2009-03-29 11:08 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 10:42 . 2009-03-29 10:42 <DIR> d-------- c:\program files\microsoft frontpage
2009-03-29 09:46 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-28 15:15 . 2009-03-29 17:48 <DIR> d-------- c:\program files\officexp
2009-03-26 23:23 . 2009-03-29 10:04 <DIR> d-------- c:\program files\colour folder
2009-03-26 23:13 . 2009-03-26 23:27 <DIR> d---s---- C:\sites 2009
2009-03-24 06:31 . 2006-10-26 20:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-24 06:26 . 2009-03-29 09:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-24 05:13 . 2009-03-24 05:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-24 04:42 . 1993-05-12 01:00 398,416 --a------ c:\windows\system\VBRUN300.DLL
2009-03-24 04:42 . 1993-06-15 18:26 45,136 --a------ c:\windows\system\GRID.VBX
2009-03-24 04:42 . 1993-04-28 01:00 18,688 --a------ c:\windows\system\cmdialog.vbx
2009-03-24 04:42 . 1996-03-11 12:18 6,880 --a------ c:\windows\system\bdtlibr.vbx
2009-03-24 04:33 . 2009-03-28 23:48 <DIR> d-------- C:\AMWIN3
2009-03-24 04:33 . 2009-03-29 16:46 1,925 --a------ c:\windows\amw95.INI
2009-03-23 18:47 . 2009-03-23 23:37 <DIR> d-------- C:\BirdsEvolutionPro
2009-03-21 16:05 . 2009-03-21 16:05 <DIR> d-------- c:\documents and settings\Main\LocalLow
2009-03-21 16:05 . 2009-03-21 16:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-04 18:53 . 2006-09-14 01:19 314,368 --a------ C:\Rar.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2024-03-21 12:44 246,272 ----a-w c:\windows\UNINST16.EXE
2009-03-29 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-03-29 19:28 --------- d-----w c:\program files\SpywareStop
2009-03-29 19:26 68,362 ----a-w c:\program files\qwnxftp.txt
2009-03-29 16:46 --------- d-----w c:\program files\Hijack This
2009-03-29 16:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-29 08:57 --------- d-----w c:\program files\MSBuild
2009-03-29 08:52 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-28 17:47 --------- d-----w c:\documents and settings\Main\Application Data\DNA
2009-03-28 14:02 --------- d-----w c:\program files\DNA
2009-03-25 06:41 --------- d-----w c:\documents and settings\Main\Application Data\SpywareStop
2009-03-22 16:38 498 ----a-w C:\sccfg.sys
2009-03-22 15:17 --------- d-----w c:\program files\Folder Lock
2009-03-14 05:08 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-14 04:58 --------- d-----w c:\program files\Macromedia
2009-02-27 08:12 155,384 ----a-w c:\windows\system32\guard32.dll
2009-02-27 08:12 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-22 09:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-02-22 09:21 --------- d-----w c:\program files\Kodak
2009-02-21 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-02-21 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\_comodo_
2009-02-21 09:39 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-21 08:25 691,592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-15 09:31 --------- d-----w c:\program files\nLite
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 17:46 --------- d-----w c:\documents and settings\Main\Application Data\Nokia Multimedia Player
2009-01-30 08:09 --------- d-----w c:\documents and settings\Main\Application Data\Apple Computer
2009-01-28 13:14 --------- d-----w c:\program files\Axis Communications
2009-01-10 23:11 3,238 ----a-w c:\windows\wininit.tmp
2008-12-21 06:17 52,112 ----a-w c:\documents and settings\Main\Application Data\GDIPFONTCACHEV1.DAT
2008-11-05 09:24 22,328 ----a-w c:\documents and settings\Main\Application Data\PnkBstrK.sys
2008-07-08 16:34 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
1998-08-24 11:09 10,000 ----a-w c:\windows\inf\unregpn.exe
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-07-12 09:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071220080713\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpywareStop"="c:\program files\SpywareStop\SpywareStop.exe" [2008-03-24 7124208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 582144]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-02-27 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"nwiz"="nwiz.exe" [2008-09-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Main^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroHomeFirstStart]
--a------ 2005-09-09 13:26 10752 c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-23 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-23 24336]
R2 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [2009-01-27 165376]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 Alpham1;Ideazon Fang USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-03-20 42624]
R3 Alpham2;Ideazon Fang MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-03-20 18432]
S0 spywarestop;spywarestop;c:\windows\system32\DRIVERS\spywarestop.sys --> c:\windows\system32\DRIVERS\spywarestop.sys [?]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-04 37248]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-08 33752]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-01-11 287488]
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\ErrorKiller Scheduled Scan.job
- c:\program files\errorkiller\ErrorKiller.exe []

2009-03-24 c:\windows\Tasks\ErrorKiller Scheduled Scan.job
- c:\program files\errorkiller []

2009-03-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-12-24 14:43]

2008-09-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-12-24 14:43]

2009-03-24 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot\SpywareBot.exe []

2009-03-24 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot []

2009-03-29 c:\windows\Tasks\SpywareStop Scheduled Scan.job
- c:\program files\SpywareStop\SpywareStop.exe [2008-03-24 22:10]

2009-03-29 c:\windows\Tasks\SpywareStop Scheduled Scan.job
- c:\program files\SpywareStop [2009-03-29 20:28]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://131.111.48.34/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\xnd414le.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 23:46:39
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1580436667-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\guard32.dll
.
Completion time: 2009-03-29 23:49:09
ComboFix-quarantined-files.txt 2009-03-29 22:47:51

Pre-Run: 19,811,237,888 bytes free
Post-Run: 20,564,410,368 bytes free

205


here is rescan with hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:05, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622335546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622322406
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://argus.sunderland.ac.uk/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://131.111.48.34/activex/AMC.cab
O20 - AppInit_DLLs:
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 6167 bytes

Edited by Orange Blossom, 11 February 2013 - 04:12 AM.
Deactivate link. ~ OB


#8 teacup61


Posted 29 March 2009 - 06:30 PM

Hello,

Don't feel bad. You're not alone, and these monsters will go as low as they have to to make their money. :thumbup2:


* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

Folder::
c:\program files\SpywareStop
c:\program files\errorkiller
c:\program files\SpywareBot

File::
c:\program files\qwnxftp.txt
c:\windows\system32\DRIVERS\spywarestop.sys
c:\windows\Tasks\ErrorKiller Scheduled Scan.job
c:\windows\Tasks\SpywareBot Scheduled Scan.job
c:\windows\Tasks\SpywareStop Scheduled Scan.job

Driver::
spywarestop


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How is it running now please? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#9 wreckless


Posted 29 March 2009 - 09:04 PM

Thank you for all your help :thumbup2:

here is report
ComboFix 09-03-29.02 - Main 2009-03-30 2:53:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1622 [GMT 1:00]
Running from: c:\documents and settings\Main\My Documents\Safty pc progs\ComboFix.exe
Command switches used :: c:\documents and settings\Main\My Documents\Safty pc progs\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\program files\qwnxftp.txt
c:\windows\system32\DRIVERS\spywarestop.sys
c:\windows\Tasks\ErrorKiller Scheduled Scan.job
c:\windows\Tasks\SpywareBot Scheduled Scan.job
c:\windows\Tasks\SpywareStop Scheduled Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\qwnxftp.txt
c:\program files\SpywareStop
c:\program files\SpywareStop\DataBase.ref
c:\program files\SpywareStop\Difxapi.dll
c:\program files\SpywareStop\FilterDrv\SpywareBot.cat
c:\program files\SpywareStop\FilterDrv\SpywareBot.inf
c:\program files\SpywareStop\FilterDrv\SpywareStop.amd64.sys
c:\program files\SpywareStop\FilterDrv\SpywareStop.cat
c:\program files\SpywareStop\FilterDrv\SpywareStop.inf
c:\program files\SpywareStop\FilterDrv\SpywareStop.x86.sys
c:\program files\SpywareStop\Launcher.exe
c:\program files\SpywareStop\spyware stopper\TCL.dll
c:\program files\SpywareStop\SpywareStop.exe
c:\program files\SpywareStop\SpywareStop.url
c:\program files\SpywareStop\TCL.dll
c:\program files\SpywareStop\vistaCPtasks.xml
c:\program files\SpywareStop\zlib.dll
c:\windows\Tasks\ErrorKiller Scheduled Scan.job
c:\windows\Tasks\SpywareBot Scheduled Scan.job
c:\windows\Tasks\SpywareStop Scheduled Scan.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPYWARESTOP
-------\Service_spywarestop


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-29 20:42 . 2009-03-29 20:42 <DIR> d-------- C:\rsit
2009-03-29 20:27 . 2009-03-29 20:27 61,440 --a------ c:\windows\system32\drivers\ooby.sys
2009-03-29 18:41 . 2009-03-29 18:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 18:41 . 2009-03-29 18:41 <DIR> d-------- c:\documents and settings\Main\Application Data\Malwarebytes
2009-03-29 18:41 . 2009-03-29 18:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-29 18:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 18:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 18:38 . 2009-03-29 18:38 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-29 11:08 . 2009-03-29 11:08 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 10:42 . 2009-03-29 10:42 <DIR> d-------- c:\program files\microsoft frontpage
2009-03-29 09:46 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-28 15:15 . 2009-03-29 17:48 <DIR> d-------- c:\program files\officexp
2009-03-26 23:23 . 2009-03-29 10:04 <DIR> d-------- c:\program files\colour folder
2009-03-26 23:13 . 2009-03-26 23:27 <DIR> d---s---- C:\sites 2009
2009-03-24 06:31 . 2006-10-26 20:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-24 06:26 . 2009-03-29 09:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-24 05:13 . 2009-03-24 05:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-24 04:42 . 1993-05-12 01:00 398,416 --a------ c:\windows\system\VBRUN300.DLL
2009-03-24 04:42 . 1993-06-15 18:26 45,136 --a------ c:\windows\system\GRID.VBX
2009-03-24 04:42 . 1993-04-28 01:00 18,688 --a------ c:\windows\system\cmdialog.vbx
2009-03-24 04:42 . 1996-03-11 12:18 6,880 --a------ c:\windows\system\bdtlibr.vbx
2009-03-24 04:33 . 2009-03-28 23:48 <DIR> d-------- C:\AMWIN3
2009-03-24 04:33 . 2009-03-29 16:46 1,925 --a------ c:\windows\amw95.INI
2009-03-23 18:47 . 2009-03-23 23:37 <DIR> d-------- C:\BirdsEvolutionPro
2009-03-21 16:05 . 2009-03-21 16:05 <DIR> d-------- c:\documents and settings\Main\LocalLow
2009-03-21 16:05 . 2009-03-21 16:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-04 18:53 . 2006-09-14 01:19 314,368 --a------ C:\Rar.exe
2009-02-22 10:00 . 2009-02-22 10:18 3,344 --a------ C:\logfile
2009-02-22 09:59 . 2009-02-22 09:59 <DIR> d-------- c:\windows\system32\BWKDLogs
2009-02-22 09:57 . 2009-02-22 10:21 <DIR> d-------- c:\program files\Kodak
2009-02-22 09:56 . 2009-02-22 10:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kodak
2009-02-21 09:25 . 2009-02-21 09:25 691,592 --a------ c:\windows\system32\OGACheckControl.DLL
2009-02-09 00:11 . 2009-02-09 00:11 14 --a------ c:\windows\popcinfo.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2024-03-21 12:44 246,272 ----a-w c:\windows\UNINST16.EXE
2009-03-30 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-03-29 16:46 --------- d-----w c:\program files\Hijack This
2009-03-29 16:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-29 08:57 --------- d-----w c:\program files\MSBuild
2009-03-29 08:52 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-28 17:47 --------- d-----w c:\documents and settings\Main\Application Data\DNA
2009-03-28 14:02 --------- d-----w c:\program files\DNA
2009-03-25 06:41 --------- d-----w c:\documents and settings\Main\Application Data\SpywareStop
2009-03-22 16:38 498 ----a-w C:\sccfg.sys
2009-03-22 15:17 --------- d-----w c:\program files\Folder Lock
2009-03-14 05:08 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-14 04:58 --------- d-----w c:\program files\Macromedia
2009-02-27 08:12 155,384 ----a-w c:\windows\system32\guard32.dll
2009-02-27 08:12 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-21 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-02-21 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\_comodo_
2009-02-21 09:39 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-15 09:31 --------- d-----w c:\program files\nLite
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 17:46 --------- d-----w c:\documents and settings\Main\Application Data\Nokia Multimedia Player
2009-01-30 08:09 --------- d-----w c:\documents and settings\Main\Application Data\Apple Computer
2009-01-28 13:14 --------- d-----w c:\program files\Axis Communications
2009-01-10 23:11 3,238 ----a-w c:\windows\wininit.tmp
2008-12-21 06:17 52,112 ----a-w c:\documents and settings\Main\Application Data\GDIPFONTCACHEV1.DAT
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll
2008-11-05 09:24 22,328 ----a-w c:\documents and settings\Main\Application Data\PnkBstrK.sys
2008-07-08 16:34 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
1998-08-24 11:09 10,000 ----a-w c:\windows\inf\unregpn.exe
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-07-12 09:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071220080713\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_23.47.05.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-30 01:56:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_204.dat
+ 2009-03-30 01:56:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_264.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 582144]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-02-27 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"nwiz"="nwiz.exe" [2008-09-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Main^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroHomeFirstStart]
--a------ 2005-09-09 13:26 10752 c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-23 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-23 24336]
R2 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [2009-01-27 165376]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 Alpham1;Ideazon Fang USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-03-20 42624]
R3 Alpham2;Ideazon Fang MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-03-20 18432]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-04 37248]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-08 33752]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-01-11 287488]
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-12-24 14:43]

2008-09-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-12-24 14:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpywareStop - c:\program files\SpywareStop\SpywareStop.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://131.111.48.34/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\xnd414le.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 02:56:42
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1580436667-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-30 2:59:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 01:59:32
ComboFix2.txt 2009-03-29 22:49:10

Pre-Run: 20,918,878,208 bytes free
Post-Run: 20,801,105,920 bytes free

250

#10 teacup61


Posted 29 March 2009 - 09:20 PM

Hello,

You're welcome. :thumbup2:

Could I please see a Hijackthis log? Also, please let me know how it's running. :)

Thanks,
tea

#11 wreckless


Posted 29 March 2009 - 09:50 PM

Here you go :thumbup2: It seems to be better. When I went on eBay before, it was adding things to my watch folder, like condoms; all clear now.
I have sent an email to spyware stopper but don't think I will get any reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:10, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622335546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229622322406
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://argus.sunderland.ac.uk/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://131.111.48.34/activex/AMC.cab
O20 - AppInit_DLLs:
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 5944 bytes

Once again, thank you. I will put a sub in when my eBay items finish and I have something in my PayPal account :)

#12 teacup61


Posted 29 March 2009 - 10:03 PM

Hi,

Good to know, and you're most welcome. :thumbup2: Sadly, I don't think you'll get any reply to your e-mail either. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O20 - AppInit_DLLs:
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Have a last run with MBAM and make sure it isn't picking anything up.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
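
The four entries teacup61 asks to have checked in the post above are registry values with no data and a service whose file is gone. As an added example (not part of the thread, and not code from HijackThis or its authors), this Python script picks such leftovers out of a HijackThis log; the sample lines are copied from the log in post #11, and ignoring "(file missing)" when the target is a URL is this example's own assumption.

```python
import re

# One HijackThis entry: section code (R0, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
MISSING = "(file missing)"

# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://131.111.48.34/activex/AMC.cab
O20 - AppInit_DLLs:
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""


def parse_entries(log_text):
    """Yield (section_code, body) for every entry line; headers and the
    running-process list do not match the pattern and are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2).strip()


def orphan_reason(code, body):
    """Return a short reason if the entry looks like a leftover, else None."""
    # R0/R1: "key,value name = data" with nothing after the equals sign.
    if code in ("R0", "R1"):
        _, sep, value = body.partition(" =")
        if sep and not value.strip():
            return "empty value"
    # O20: "AppInit_DLLs:" with no DLL listed after the colon.
    if code == "O20":
        _, sep, value = body.partition(":")
        if sep and not value.strip():
            return "empty value"
    # Any section: HijackThis could not find the file the entry points to.
    if body.endswith(MISSING):
        target = body[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
        # Assumption of this example: a URL target is not a file on disk,
        # so the tag says nothing about it (the O9 Sky button above).
        if not URL_RE.match(target):
            return "target file missing"
    return None


def flag_orphans(log_text):
    """Return [(code, body, reason)] for entries worth a second look."""
    flagged = []
    for code, body in parse_entries(log_text):
        reason = orphan_reason(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


if __name__ == "__main__":
    for code, body, reason in flag_orphans(SAMPLE_LOG):
        print(f"{code:>3}  {reason:<20} {body}")
```

On the sample it reports the same four lines listed in the post; whether to fix an entry is still the helper's call, since the script only narrows down what to read.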

#13 wreckless


Posted 30 March 2009 - 03:00 PM

Just 1 last question:
is Comodo worth using? I find the firewall questions everything I do if left in safe mode, but feel that can only be a good thing. But they now have malware and antivirus; these are all free and run as 1 program. In your professional opinion, do you think it is OK to use this?

Below are details of the donation. Not much, but I am not rich; hope it is OK.

Confirmation number: 56W693641D342924C. An email with your donation details has been sent to xxxxxxxxxxx k and you can print your donation receipt. Donations Coordinator Contact Information xxxxxxxxxxxxxx

Edited by teacup61, 30 March 2009 - 04:37 PM.
edited out e-mail addies


#14 teacup61


Posted 30 March 2009 - 04:50 PM

Hello,

I edited out the e-mail addresses. Neither of us needs to be spammed into oblivion. :)

I never recommend the whole Comodo suite. I use the firewall only, and Avira as my AntiVirus. So yes, the Comodo firewall is excellent. Mine is in Safe Mode as well, and I've found that after it got past the initial "training", it rarely bugs me any more. It only pops up if I do something unusual, or download a new application, etc.....

If you'd like to look into this option, then uninstall Comodo and reinstall only the firewall. You can get Avira here: http://www.free-av.com/

Thank you for the donation. It is much appreciated. :thumbup2:

Regards,
tea

#15 teacup61


Posted 04 April 2009 - 06:22 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

I moved the topic to the regular HiJack This forum. ~ OB

Edited by Orange Blossom, 04 April 2009 - 08:16 PM.




