Hijack this Log Please



#1
afc_london
  • Member
  • 23 posts

Hi. I'm not 100 per cent sure if it's a virus problem or just my lack of PC knowledge!
I'm running XP and up until a couple of weeks ago I had a nice picture of my 2 year old son as my desktop. All of a sudden, it's been replaced by a blank blue screen, and even when I enter into the control panel and display settings I cannot change the desktop image to anything, let alone my son's picture. The "Browse" button, which is normally highlighted to look for an image, is not, and after trying various things I am thinking that maybe it's a virus.
I have followed all the necessary pre-HijackThis log tests and, aside from the "Panda Active scan", have compiled a log for you experts to peruse. I got as far as trying to scan "My Computer" on the Active scan but every time I tried to start the scan I kept getting "Error on Page" come up.

Thanks in advance.
C:\Program Files\VideoAccess -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\PestTrap -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\PestTrap.exe -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\Uninstall.exe -> Adware.PestTrap : Cleaned with backup (quarantined).
HKU\S-1-5-21-841094164-3187559154-2574134813-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mi1.exe -> Adware.Softomate : Cleaned with backup (quarantined).
[192] VM_03560000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[216] VM_00C90000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).
[792] VM_00BA0000 -> Trojan.DNSChanger.hg : Cleaned with backup (quarantined).


::Report end
SUPERAntiSpyware Scan Log
Generated 01/21/2007 at 03:45 PM

Application Version : 3.5.1016

Core Rules Database Version : 3168
Trace Rules Database Version: 1179

Scan type : Complete Scan
Total Scan Time : 00:38:23

Memory items scanned : 505
Memory threats detected : 0
Registry items scanned : 5610
Registry threats detected : 85
File items scanned : 47920
File threats detected : 578

Malware.SpywareBot
[SpywareBot] C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
C:\PROGRAM FILES\SPYWAREBOT\SPYWAREBOT.EXE
HKU\S-1-5-21-841094164-3187559154-2574134813-1006\Software\SpywareBot
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ C:\Program Files\spywarebot\SpywareBot.exe -boot ]
C:\Program Files\SpywareBot\Log\log_2006_10_31_19_12_15.log
C:\Program Files\SpywareBot\Log\log_2006_10_31_21_41_57.log
C:\Program Files\SpywareBot\Log\log_2006_11_01_14_37_03.log
C:\Program Files\SpywareBot\Log\log_2006_11_01_18_58_48.log
C:\Program Files\SpywareBot\Log\log_2006_11_01_21_48_16.log
C:\Program Files\SpywareBot\Log\log_2006_11_01_22_14_22.log
C:\Program Files\SpywareBot\Log\log_2006_11_02_14_45_37.log
C:\Program Files\SpywareBot\Log\log_2006_11_02_17_01_35.log
C:\Program Files\SpywareBot\Log\log_2006_11_02_20_30_08.log
C:\Program Files\SpywareBot\Log\log_2006_11_03_14_35_36.log
C:\Program Files\SpywareBot\Log\log_2006_11_03_20_00_12.log
C:\Program Files\SpywareBot\Log\log_2006_11_04_20_56_31.log
C:\Program Files\SpywareBot\Log\log_2006_11_05_13_26_12.log
C:\Program Files\SpywareBot\Log\log_2006_11_05_18_24_30.log
C:\Program Files\SpywareBot\Log\log_2006_11_06_15_55_12.log
C:\Program Files\SpywareBot\Log\log_2006_11_06_18_55_54.log
C:\Program Files\SpywareBot\Log\log_2006_11_07_16_47_17.log
C:\Program Files\SpywareBot\Log\log_2006_11_07_19_21_27.log
C:\Program Files\SpywareBot\Log\log_2006_11_08_16_48_48.log
C:\Program Files\SpywareBot\Log\log_2006_11_08_18_55_28.log
C:\Program Files\SpywareBot\Log\log_2006_11_08_19_28_02.log
C:\Program Files\SpywareBot\Log\log_2006_11_08_20_17_38.log
C:\Program Files\SpywareBot\Log\log_2006_11_10_19_17_17.log
C:\Program Files\SpywareBot\Log\log_2006_11_13_11_43_45.log
C:\Program Files\SpywareBot\Log\log_2006_11_13_12_10_01.log
C:\Program Files\SpywareBot\Log\log_2006_11_14_12_40_12.log
C:\Program Files\SpywareBot\Log\log_2006_11_15_09_15_00.log
C:\Program Files\SpywareBot\Log\log_2006_11_15_22_25_38.log
C:\Program Files\SpywareBot\Log\log_2006_11_15_22_47_02.log
C:\Program Files\SpywareBot\Log\log_2006_11_15_23_03_41.log
C:\Program Files\SpywareBot\Log\log_2006_11_15_23_32_20.log
C:\Program Files\SpywareBot\Log\log_2006_11_16_09_56_26.log
C:\Program Files\SpywareBot\Log\log_2006_11_16_23_41_22.log
C:\Program Files\SpywareBot\Log\log_2006_11_17_10_44_27.log
C:\Program Files\SpywareBot\Log\log_2006_11_18_10_35_02.log
C:\Program Files\SpywareBot\Log\log_2006_11_18_20_00_53.log
C:\Program Files\SpywareBot\Log\log_2006_11_19_11_30_00.log
C:\Program Files\SpywareBot\Log\log_2006_11_19_20_42_55.log
C:\Program Files\SpywareBot\Log\log_2006_11_19_21_33_11.log
C:\Program Files\SpywareBot\Log\log_2006_11_20_11_20_09.log
C:\Program Files\SpywareBot\Log\log_2006_11_20_11_23_44.log
C:\Program Files\SpywareBot\Log\log_2006_11_20_23_32_21.log
C:\Program Files\SpywareBot\Log\log_2006_11_21_10_59_53.log
C:\Program Files\SpywareBot\Log\log_2006_11_21_22_17_51.log
C:\Program Files\SpywareBot\Log\log_2006_11_21_23_51_49.log
C:\Program Files\SpywareBot\Log\log_2006_11_22_10_39_35.log
C:\Program Files\SpywareBot\Log\log_2006_11_22_23_13_14.log
C:\Program Files\SpywareBot\Log\log_2006_11_23_09_39_57.log
C:\Program Files\SpywareBot\Log\log_2006_11_23_23_18_42.log
C:\Program Files\SpywareBot\Log\log_2006_11_24_23_21_58.log
C:\Program Files\SpywareBot\Log\log_2006_11_25_18_36_41.log
C:\Program Files\SpywareBot\Log\log_2006_11_25_19_02_18.log
C:\Program Files\SpywareBot\Log\log_2006_11_25_21_51_47.log
C:\Program Files\SpywareBot\Log\log_2006_11_26_20_03_23.log
C:\Program Files\SpywareBot\Log\log_2006_11_27_20_05_18.log
C:\Program Files\SpywareBot\Log\log_2006_11_28_19_29_13.log
C:\Program Files\SpywareBot\Log\log_2006_11_29_20_24_00.log
C:\Program Files\SpywareBot\Log\log_2006_11_30_18_33_24.log
C:\Program Files\SpywareBot\Log\log_2006_11_30_20_34_57.log
C:\Program Files\SpywareBot\Log\log_2006_11_30_21_25_27.log
C:\Program Files\SpywareBot\Log\log_2006_12_01_17_32_02.log
C:\Program Files\SpywareBot\Log\log_2006_12_01_19_20_52.log
C:\Program Files\SpywareBot\Log\log_2006_12_02_13_06_13.log
C:\Program Files\SpywareBot\Log\log_2006_12_02_21_53_08.log
C:\Program Files\SpywareBot\Log\log_2006_12_03_19_49_44.log
C:\Program Files\SpywareBot\Log\log_2006_12_04_19_24_47.log
C:\Program Files\SpywareBot\Log\log_2006_12_04_21_45_41.log
C:\Program Files\SpywareBot\Log\log_2006_12_05_20_05_20.log
C:\Program Files\SpywareBot\Log\log_2006_12_06_18_58_32.log
C:\Program Files\SpywareBot\Log\log_2006_12_06_20_40_56.log
C:\Program Files\SpywareBot\Log\log_2006_12_06_21_45_48.log
C:\Program Files\SpywareBot\Log\log_2006_12_07_19_29_25.log
C:\Program Files\SpywareBot\Log\log_2006_12_07_19_33_00.log
C:\Program Files\SpywareBot\Log\log_2006_12_07_20_00_51.log
C:\Program Files\SpywareBot\Log\log_2006_12_07_22_18_12.log
C:\Program Files\SpywareBot\Log\log_2006_12_08_19_37_10.log
C:\Program Files\SpywareBot\Log\log_2006_12_09_20_56_39.log
C:\Program Files\SpywareBot\Log\log_2006_12_10_22_54_57.log
C:\Program Files\SpywareBot\Log\log_2006_12_11_23_00_26.log
C:\Program Files\SpywareBot\Log\log_2006_12_12_12_16_08.log
C:\Program Files\SpywareBot\Log\log_2006_12_12_23_02_53.log
C:\Program Files\SpywareBot\Log\log_2006_12_13_21_42_49.log
C:\Program Files\SpywareBot\Log\log_2006_12_14_08_18_52.log
C:\Program Files\SpywareBot\Log\log_2006_12_14_23_29_20.log
C:\Program Files\SpywareBot\Log\log_2006_12_15_22_56_22.log
C:\Program Files\SpywareBot\Log\log_2006_12_16_20_41_13.log
C:\Program Files\SpywareBot\Log\log_2006_12_17_19_36_35.log
C:\Program Files\SpywareBot\Log\log_2006_12_18_22_47_30.log
C:\Program Files\SpywareBot\Log\log_2006_12_18_22_50_25.log
C:\Program Files\SpywareBot\Log\log_2006_12_19_23_02_41.log
C:\Program Files\SpywareBot\Log\log_2006_12_20_23_30_10.log
C:\Program Files\SpywareBot\Log\log_2006_12_21_23_01_09.log
C:\Program Files\SpywareBot\Log\log_2006_12_22_12_26_59.log
C:\Program Files\SpywareBot\Log\log_2006_12_22_23_04_49.log
C:\Program Files\SpywareBot\Log\log_2006_12_23_22_08_57.log
C:\Program Files\SpywareBot\Log\log_2006_12_24_22_10_47.log
C:\Program Files\SpywareBot\Log\log_2006_12_24_23_45_27.log
C:\Program Files\SpywareBot\Log\log_2006_12_24_23_54_26.log
C:\Program Files\SpywareBot\Log\log_2006_12_25_00_28_57.log
C:\Program Files\SpywareBot\Log\log_2006_12_25_00_33_08.log
C:\Program Files\SpywareBot\Log\log_2006_12_25_10_50_14.log
C:\Program Files\SpywareBot\Log\log_2006_12_25_22_26_14.log
C:\Program Files\SpywareBot\Log\log_2006_12_26_00_05_41.log
C:\Program Files\SpywareBot\Log\log_2006_12_26_23_06_48.log
C:\Program Files\SpywareBot\Log\log_2006_12_26_23_14_56.log
C:\Program Files\SpywareBot\Log\log_2006_12_27_22_48_08.log
C:\Program Files\SpywareBot\Log\log_2006_12_28_22_35_14.log
C:\Program Files\SpywareBot\Log\log_2006_12_29_23_33_19.log
C:\Program Files\SpywareBot\Log\log_2007_01_01_21_37_22.log
C:\Program Files\SpywareBot\Log\log_2007_01_02_21_14_27.log
C:\Program Files\SpywareBot\Log\log_2007_01_03_14_50_43.log
C:\Program Files\SpywareBot\Log\log_2007_01_03_20_51_41.log
C:\Program Files\SpywareBot\Log\log_2007_01_03_21_39_06.log
C:\Program Files\SpywareBot\Log\log_2007_01_04_19_08_35.log
C:\Program Files\SpywareBot\Log\log_2007_01_05_21_38_41.log
C:\Program Files\SpywareBot\Log\log_2007_01_06_09_09_13.log
C:\Program Files\SpywareBot\Log\log_2007_01_06_22_15_41.log
C:\Program Files\SpywareBot\Log\log_2007_01_06_22_19_02.log
C:\Program Files\SpywareBot\Log\log_2007_01_06_22_25_34.log
C:\Program Files\SpywareBot\Log\log_2007_01_07_08_22_21.log
C:\Program Files\SpywareBot\Log\log_2007_01_07_12_40_00.log
C:\Program Files\SpywareBot\Log\log_2007_01_07_12_51_05.log
C:\Program Files\SpywareBot\Log\log_2007_01_07_13_27_11.log
C:\Program Files\SpywareBot\Log\log_2007_01_07_16_19_09.log
C:\Program Files\SpywareBot\Log\log_2007_01_07_19_01_47.log
C:\Program Files\SpywareBot\Log\log_2007_01_07_20_59_22.log
C:\Program Files\SpywareBot\Log\log_2007_01_08_07_59_34.log
C:\Program Files\SpywareBot\Log\log_2007_01_08_22_41_45.log
C:\Program Files\SpywareBot\Log\log_2007_01_08_22_47_38.log
C:\Program Files\SpywareBot\Log\log_2007_01_08_22_51_51.log
C:\Program Files\SpywareBot\Log\log_2007_01_09_23_05_08.log
C:\Program Files\SpywareBot\Log\log_2007_01_10_23_25_56.log
C:\Program Files\SpywareBot\Log\log_2007_01_11_23_07_03.log
C:\Program Files\SpywareBot\Log\log_2007_01_14_09_18_10.log
C:\Program Files\SpywareBot\Log\log_2007_01_14_10_05_18.log
C:\Program Files\SpywareBot\Log\log_2007_01_14_12_15_57.log
C:\Program Files\SpywareBot\Log\log_2007_01_14_19_35_55.log
C:\Program Files\SpywareBot\Log\log_2007_01_14_19_57_33.log
C:\Program Files\SpywareBot\Log\log_2007_01_15_09_48_40.log
C:\Program Files\SpywareBot\Log\log_2007_01_15_11_47_44.log
C:\Program Files\SpywareBot\Log\log_2007_01_16_22_33_54.log
C:\Program Files\SpywareBot\Log\log_2007_01_17_22_50_00.log
C:\Program Files\SpywareBot\Log\log_2007_01_18_23_27_00.log
C:\Program Files\SpywareBot\Log\log_2007_01_19_23_31_08.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_14_19_32.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_17_38_19.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_21_57_26.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_22_09_46.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_22_12_44.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_22_34_47.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_23_11_17.log
C:\Program Files\SpywareBot\Log\log_2007_01_20_23_56_05.log
C:\Program Files\SpywareBot\Log\log_2007_01_21_14_47_08.log
C:\Program Files\SpywareBot\Log
C:\Program Files\SpywareBot\Quarantine
C:\Program Files\SpywareBot\Registry Backups
C:\Program Files\SpywareBot\Settings\CustomScan.stg
C:\Program Files\SpywareBot\Settings\IgnoreList.stg
C:\Program Files\SpywareBot\Settings\ScanInfo.stg
C:\Program Files\SpywareBot\Settings\ScanResults.stg
C:\Program Files\SpywareBot\Settings\SelectedFolders.stg
C:\Program Files\SpywareBot\Settings\Settings.stg
C:\Program Files\SpywareBot\Settings
C:\Program Files\SpywareBot

Adware.MyGlobalSearchBar

Adware.Tracking Cookie
C:\Documents and Settings\stephen wilkinson\Cookies\[email protected][1].txt

Adware.MyWebSearch

#2
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello and welcome back

Please post a HJT log as outlined in step 5 of CLICK HERE tutorial above.

#3
afc_london

  • Topic Starter
  • Member
  • 23 posts

Hello and welcome back

Please post a HJT log as outlined in step 5 of CLICK HERE tutorial above.


Hello again Phil, hope you are keeping well. Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 14:50:09, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BT Home Computing\BTHomeComputing.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\stephen wilkinson\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http://www-cache.freeserve.com:8080;http=http://www-cache.freeserve.com:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BT Home Computing.lnk = C:\Program Files\BT Home Computing\BTHomeComputing.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136671610203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E03535-7B89-43CE-A998-D2EBE307E949}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B12683F-1C8A-46FC-A896-4D842D3D6584}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BB4B041-D632-45D9-8930-95388BFEDC04}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rmk8ot - rmk8ot.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\stephen wilkinson\Desktop\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

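An added example, not part of either poster's message and not HijackThis's own code: a small parser for the log format posted above that pulls out the two things a reviewer checks first in a log like this one, statically configured DNS servers (the O17 entries) and entries whose target is marked "(file missing)". The function names, the `allowed` resolver list and the section-code pattern are assumptions made for the example; the sample lines are copied from the log above.

```python
import re
from ipaddress import ip_address

# Excerpt copied from the HijackThis log posted above, shortened for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:50:09, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E03535-7B89-43CE-A998-D2EBE307E949}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rmk8ot - rmk8ot.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Assumed shape of an entry line: a section code (R0-R3, F0-F3, N1-N4, O<n>),
# then " - ", then the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O17 body: "<registry key>: <value name> = <value>"
SETTING_RE = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
MISSING = "(file missing)"


def parse_entries(text):
    """Return [(section_code, body), ...] for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def nameservers(entries):
    """Map each O17 registry key to the DNS server addresses set under it.

    Per-interface keys separate addresses with commas, the global
    Parameters key with spaces; both appear in the log above.
    """
    found = {}
    for code, body in entries:
        if code != "O17":
            continue
        match = SETTING_RE.match(body)
        if not match or match.group("name") != "NameServer":
            continue
        addresses = []
        for token in re.split(r"[,\s]+", match.group("value").strip()):
            try:
                addresses.append(str(ip_address(token)))
            except ValueError:
                continue  # empty or malformed token, not an address
        found[match.group("key")] = addresses
    return found


def unexpected_dns(entries, allowed):
    """Return (registry_key, address) pairs not on the caller's resolver list.

    `allowed` is whatever the reader knows to be legitimate for the network
    (for example resolvers the ISP requires); pass an empty set if DNS should
    be obtained automatically and no static server is expected at all.
    """
    allowed = {str(ip_address(a)) for a in allowed}
    return [(key, ip)
            for key, ips in nameservers(entries).items()
            for ip in ips if ip not in allowed]


def missing_targets(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [(code, body) for code, body in entries
            if body.rstrip().endswith(MISSING)]


if __name__ == "__main__":
    log_entries = parse_entries(SAMPLE_LOG)
    for key, ip in unexpected_dns(log_entries, allowed=set()):
        print(f"static DNS server {ip} set under {key}")
    for code, body in missing_targets(log_entries):
        print(f"orphaned {code} entry: {body}")
```

The same two addresses appearing under every interface key and under the global Parameters key is what separates a machine-wide resolver change from a single adapter's manual setting.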
#4
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Stephen and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple-identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have been hijacked by those lovely people in the Ukraine; they control your surfing currently. This normally results in the wareout infection. Let’s see what we can do.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads, a text file will open (report.txt); you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearsh...ar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http://www-cache.freeserve.com:8080;http=http://www-cache.freeserve.com:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E03535-7B89-43CE-A998-D2EBE307E949}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B12683F-1C8A-46FC-A896-4D842D3D6584}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BB4B041-D632-45D9-8930-95388BFEDC04}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O20 - Winlogon Notify: rmk8ot - rmk8ot.dll (file missing)


Click FIX CHECKED. Close HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following folders, and delete them:

C:\Program Files\BearShare\
C:\Program Files\VVSN\
C:\PROGRA~1\FREESE~1\FSBar\

Have a look in Add and Remove Programs in the Control Panel; if you can see FunWeb Products, uninstall it.

Exit Explorer, and reboot as normal afterwards.

Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.
  • Double-click the Network Connections icon
  • Right-click the Local Area Connection icon and select Properties.
  • Highlight Internet Protocol (TCP/IP) and click the Properties button.
  • Be sure Obtain DNS server address automatically is selected.
  • OK your way out.
Next bit
  • Go to Start > Run and type in cmd
  • Click OK.
  • This will open a command prompt.
  • Type or copy and paste the following line in the command window:
ipconfig /flushdns
  • Hit Enter
  • Exit the command window
  • Restart your computer.
Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt), along with a new HijackThis log, from normal mode, into this topic.
  • 0
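One way to confirm from the follow-up log that the entries checked in the steps above are gone, and that no O17 entry still pins a DNS server. This is an added example, not part of the original post or of HijackThis: the function names are assumptions, and the sample lines are copied from this thread except the one marked as constructed.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r": NameServer = (.+)$")


def parse_entries(log_text):
    """Return (code, detail) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def static_nameservers(entries):
    """Map each DNS server pinned by an O17 entry to the registry locations that set it."""
    pinned = {}
    for code, detail in entries:
        match = NAMESERVER_RE.search(detail) if code == "O17" else None
        if not match:
            continue
        location = detail[:match.start()]
        # HijackThis shows both comma- and space-separated server lists.
        for address in re.split(r"[,\s]+", match.group(1).strip()):
            if address:
                pinned.setdefault(address, []).append(location)
    return pinned


def orphaned(entries):
    """Entries whose target file is gone: the registry value outlived the program."""
    return [(c, d) for c, d in entries if d.endswith("(file missing)")]


def still_present(fix_entries, rescan_entries):
    """Entries that were checked for fixing but show up again in the rescan."""
    seen = {(c, d.lower()) for c, d in rescan_entries}
    return [(c, d) for c, d in fix_entries if (c, d.lower()) in seen]


def verify_fix(fix_text, rescan_text):
    """Summarise whether a rescan is clean with respect to the fix list."""
    fixes, rescan = parse_entries(fix_text), parse_entries(rescan_text)
    return {
        "remaining": still_present(fixes, rescan),
        "pinned_dns": static_nameservers(rescan),
        "orphans": orphaned(rescan),
    }


# Four of the entries the helper asked to have fixed (copied from this thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E03535-7B89-43CE-A998-D2EBE307E949}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O20 - Winlogon Notify: rmk8ot - rmk8ot.dll (file missing)
"""

# Excerpt of the log posted after the fix (copied from this thread).
RESCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Constructed failure case: the same rescan, but with the DNS value written back.
RESCAN_REVERTED = RESCAN + r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
"""

if __name__ == "__main__":
    for label, rescan in (("posted rescan", RESCAN), ("constructed", RESCAN_REVERTED)):
        result = verify_fix(FIX_LIST, rescan)
        print(label, "->", "clean" if not any(result.values()) else result)
```

A pinned server is not bad in itself, which is the point of the helper's caution about ISP-specific DNS settings: compare whatever this reports against the addresses the ISP actually assigns.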

#5
afc_london

Hi Phil, sorry for delay.

Fixwareout
Last edited 1/14/2006
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\system32\kdmrk.exe will be moved to C:\WINDOWS\temp\kdmrk.ren at reboot.
»»»»» System restarted
...
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»
Logfile of HijackThis v1.99.1
Scan saved at 16:52:04, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BT Home Computing\BTHomeComputing.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\stephen wilkinson\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BT Home Computing.lnk = C:\Program Files\BT Home Computing\BTHomeComputing.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136671610203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\stephen wilkinson\Desktop\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Edited by Crustyoldbloke, 25 January 2007 - 10:59 AM.


#6
Crustyoldbloke

Hello again

Please note that I have edited your post to remove the quote of my previous post. If we both start quoting each other's posts, we will increase the strain on servers and bandwidth, and since no one else can respond, why bother doing it?

The logs look OK and you are no longer hijacked, but I think we should search a little deeper.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
combofix.exe

Please open, and update AVG Anti Spyware
  • Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close AVGas. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the Windows tab, and under the heading of Applications, Utilities uncheck AVGas Anti-Spyware, then click Analyze > Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues, then Scan for issues – fix selected issues.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).

#7
afc_london

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:06:25 25/01/2007

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0015532.exe -> Adware.Softomate : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\stephen wilkinson\Cookies\stephen_wilkinson@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end
"stephen wilkinson" - 07-01-25 18:11:29 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\stephen wilkinson\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\hosts


((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


2007-01-25 18:07 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-25 18:07 <DIR> d-------- C:\Program Files\CCleaner
2007-01-25 15:25 <DIR> d-------- C:\fixwareout
2007-01-21 18:38 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-21 14:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-21 14:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-21 14:57 <DIR> d-------- C:\DOCUME~1\STEPHE~1\Application Data\SUPERAntiSpyware.com
2007-01-21 14:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-21 00:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-20 22:34 <DIR> d-------- C:\DOCUME~1\DANNYW~1\Application Data\McAfee.com Personal Firewall
2007-01-20 22:09 <DIR> d-------- C:\DOCUME~1\MAGDAL~1\Application Data\McAfee.com Personal Firewall
2007-01-14 12:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\WholeSecurity
2007-01-12 00:14 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 23:54 41,984 --a------ C:\WINDOWS\UnGins.exe
2007-01-10 23:54 <DIR> d-------- C:\Program Files\Crazy Tetrix
2006-12-28 23:10 <DIR> d-------- C:\Program Files\Google Toolbar
2006-12-25 23:18 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-25 23:18 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-25 23:16 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-25 23:15 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-25 23:15 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-25 23:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2006-12-25 22:30 <DIR> d-------- C:\DOCUME~1\STEPHE~1\Contacts
2006-12-25 22:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-25 22:29 <DIR> d-------- C:\Program Files\MSN Messenger


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-25 16:20 -------- d-------- C:\Program Files\freeserve
2007-01-21 14:57 -------- d---s---- C:\DOCUME~1\STEPHE~1\Application Data\microsoft
2007-01-20 23:54 -------- d-------- C:\DOCUME~1\STEPHE~1\Application Data\lavasoft
2007-01-20 18:02 3288 --a------ C:\DOCUME~1\STEPHE~1\Application Data\wklnhst.dat
2007-01-14 10:18 -------- d-------- C:\DOCUME~1\STEPHE~1\Application Data\wholesecurity
2006-12-28 23:10 -------- d-------- C:\Program Files\softwarerevenue.org
2006-12-25 22:41 -------- d-------- C:\DOCUME~1\STEPHE~1\Application Data\mcafee.com personal firewall
2006-12-24 23:52 -------- d-------- C:\Program Files\mcafee
2006-12-24 23:51 -------- d-------- C:\Program Files\mcafee.com
2006-12-24 23:47 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-24 23:45 -------- d-------- C:\Program Files\Common Files\swf studio
2006-12-24 22:29 -------- d-------- C:\DOCUME~1\STEPHE~1\Application Data\moyeaflv2video
2006-12-24 22:28 -------- d-------- C:\Program Files\moyea
2006-12-14 00:15 -------- d-------- C:\Program Files\mozilla firefox
2006-12-07 20:32 -------- d-------- C:\Program Files\grisoft
2006-12-07 20:00 -------- d-------- C:\Program Files\noadware5.0
2006-12-07 05:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 21:40 -------- d-------- C:\Program Files\google
2006-11-30 19:37 -------- d-------- C:\Program Files\flvplayer
2006-11-30 19:09 -------- d-------- C:\DOCUME~1\STEPHE~1\Application Data\mozilla
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=hex:00,00,00,00
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk8ot.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk9ot.sys

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

Completion time: 07-01-25 18:13:09
Logfile of HijackThis v1.99.1
Scan saved at 18:25:26, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BT Home Computing\BTHomeComputing.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\stephen wilkinson\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BT Home Computing.lnk = C:\Program Files\BT Home Computing\BTHomeComputing.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136671610203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\stephen wilkinson\Desktop\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • 0
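The log format posted above can be read programmatically. This is an added Python example (not part of the original thread and not HijackThis's own code) that parses the O-section lines and flags the markers visible in this log, such as "Unknown owner" and "(file missing)". The sample lines are constructed on the model of the log above, and the flag names are assumptions chosen for illustration.

```python
import re

# Constructed sample in the HijackThis line format; names and GUID are placeholders.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: Example Guard - Example Corp. - C:\Program Files\Example\guard.exe
O23 - Service: Old Scanner - Unknown owner - C:\Documents and Settings\user\Desktop\old\ctrl.exe (file missing)
"""

# "O<number> - <kind>: <detail>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(O\d+) - ([^:]+?): (.*)$")
DRIVE_PATH = re.compile(r"[A-Za-z]:\\")
PROFILE_PATH = re.compile(r"\\Documents and Settings\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, kind, detail, flags) for every O-section line."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header lines, running processes, blank lines
        section, kind, detail = match.groups()
        flags = []
        if detail.endswith("(file missing)"):
            flags.append("file-missing")        # entry left behind, binary gone
        if section == "O23" and " - Unknown owner - " in detail:
            flags.append("unknown-owner")       # no company name could be read
        if PROFILE_PATH.search(detail):
            flags.append("user-profile-path")   # runs from inside a user profile
        if section == "O4" and not DRIVE_PATH.search(detail):
            flags.append("no-full-path")        # resolved through the search path
        findings.append((section, kind, detail, flags))
    return findings


def needs_review(log_text):
    """Only the entries that raised at least one flag."""
    return [(s, d, f) for s, _, d, f in triage(log_text) if f]


if __name__ == "__main__":
    for section, detail, flags in needs_review(SAMPLE_LOG):
        print(section, ",".join(flags), "|", detail)
```

A flag marks an entry for a closer look, not a verdict: the leftover scanner service in the log above raises three flags and is only an orphaned registration.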

#8
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Stephen

Found this baddie lurking. Please delete it:

C:\Program Files\softwarerevenue.org

The logs look OK overall, how's it running now?

Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

  • 0

#9
afc_london

    Member

  • Topic Starter
  • 23 posts
That's great Phil, thank you very much. Seems to be running really smooth now, but most importantly I've got my son back as my desktop wallpaper.
Thank you for your time and effort.

Stephen.
  • 0

#10
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Congratulations! Your new log is clean. :whistling: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Reboot.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

I recommend going to the following link and updating as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer: Microsoft Update

MVPS Hosts file - This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

SiteAdvisor - Download this plug-in for your browser and it will alert you of a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL - A fine free malware detector and removal programme.
SPYBOT S&D - Excellent free spyware detector and removal programme.
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :blink:

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.
  • 0

#11
afc_london

    Member

  • Topic Starter
  • 23 posts
Thanks Phil, that's all done. I've acquired all of the programs you listed. The only one I'm having trouble with is the "Hosts zip".
I downloaded it to my desktop as stated, but I am having difficulties opening and running it.
Apart from that everything is A1. :whistling:
  • 0

#12
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Try right clicking it and choosing Extract, when all the contents appear, look for the mvps.bat and double click it. You will then see a confirmation window with the request to press any key to continue. Job done, bookmark it because you should be going there once a month as that file is updated fortnightly.
  • 0

#13
afc_london

    Member

  • Topic Starter
  • 23 posts

Try right clicking it and choosing Extract, when all the contents appear, look for the mvps.bat and double click it. You will then see a confirmation window with the request to press any key to continue. Job done, bookmark it because you should be going there once a month as that file is updated fortnightly.


Job done. Thank you Phil. :whistling:
  • 0

#14
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
You are welcome.

I will leave this thread open for a few days in case of misfortune.
  • 0

#15
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





