Hijack this log

Question

Hi! Appaentenly I got some semblance of the antivirus 2008 rogue spyware program on my PC.  i have cleaned it off as much as possible using advice from Windows and Adwarealert site.  However, I am still getting alerts in the system tray on the lower right side of the screen.  Here is my file, any and all help is appreciated.   Picaro12   Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:54:28 PM, on 9/2/2008Platform: Windows Vista  (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: Normal Running processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Windows\WindowsMobile\wmdc.exeC:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Windows\system32	askeng.exeC:\Program Files\Trend Micro\Internet Security 14\pccguide.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Windows\ehome\ehmsas.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\system32\wuauclt.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Common Files\Real\Update_OBealsched.exeC:\Program Files\PCHealthCenter\1.exeC:\Program Files\PCHealthCenter\2.exeC:\Program Files\PCHealthCenter\3.exeC:\Program Files\PCHealthCenter\4.exeC:\Program Files\PCHealthCenter\7.exeC:\Program Files\MSA\MSA.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Program Files\Norton Security Scan\Nss.exeC:\Program Files\Norton Security Scan\Nss.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exeC:\Program Files\CCleaner\CCleaner.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\FlashUtil9f.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1198785583&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by DellR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exeO4 - HKLM\..\Run: [VolPanel] 'C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe' /rO4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXEO4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKLM\..\Run: [ISUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -startO4 - HKLM\..\Run: [dscactivate] 'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe'O4 - HKLM\..\Run: [pccguide.exe] 'C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe'O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 'C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe'O4 - HKLM\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKLM\..\Run: [TkBellExe] 'C:\Program Files\Common Files\Real\Update_OBealsched.exe'  -osbootO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\QTTask.exe' -atboottimeO4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe'O4 - HKLM\..\Run: [\VIEAA19.exe] C:\Windows\System32\VIEAA19.exeO4 - HKLM\..\Run: [\VIEAAA6.exe] C:\Windows\System32\VIEAAA6.exeO4 - HKLM\..\Run: [\VIEADA2.exe] C:\Windows\System32\VIEADA2.exeO4 - HKLM\..\Run: [\VIEAEAB.exe] C:\Windows\System32\VIEAEAB.exeO4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exeO4 - HKLM\..\Run: [\VIE2D0E.exe] C:\Windows\System32\VIE2D0E.exeO4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenterO4 - HKCU\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [\VIEAA19.exe] C:\Windows\System32\VIEAA19.exeO4 - HKCU\..\Run: [\VIEAAA6.exe] C:\Windows\System32\VIEAAA6.exeO4 - HKCU\..\Run: [\VIEADA2.exe] C:\Windows\System32\VIEADA2.exeO4 - HKCU\..\Run: [\VIEAEAB.exe] C:\Windows\System32\VIEAEAB.exeO4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exeO4 - HKCU\..\Run: [\VIE2D0E.exe] C:\Windows\System32\VIE2D0E.exeO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEO4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
pjpi160.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
pjpi160.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dllO9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO13 - Gopher Prefix:O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabO16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cabO16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeO23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exeO23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe --End of file - 11056 bytes

bamajim · Answer

picaro12 Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select ' Perform Quick Scan', then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Microsoft MVP Consumer-Security   SpywareHammer   'The world is what you make of it'

picaro12 · Answer

looks like it is gone.  Thanks for hte help, should have come here first.   Thanks a million!   Picaro12

picaro12 · Answer

Here it is. Apparantly some of the software I had was also somewhat rogue (Adware alert, etc)

Am going to restart and see how it goes

Picaro12

Malwarebytes' Anti-Malware 1.26
Database version: 1106
Windows 6.0.6000

9/2/2008 7:20:31 PM
mbam-log-2008-09-02 (19-20-30).txt

Scan type: Quick Scan
Objects scanned: 42090
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 6
Registry Keys Infected: 10
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 41

Memory Processes Infected:
C:\Windows\System32\VIEAA19.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Unloaded process successfully.
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (Rogue.AdwareAlert) -> Unloaded process successfully.
C:\Program Files\ErrorKiller\ErrorKiller.exe (Rogue.ErrorKiller) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\AdwareAlert\SpyCleaner.dll (Rogue.AdwareAlert) -> Delete on reboot.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Delete on reboot.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Delete on reboot.
C:\Program Files\ErrorKiller\RegCleaner.dll (Rogue.ErrorKiller) -> Delete on reboot.
C:\Program Files\ErrorKiller\TCL.dll (Rogue.ErrorKiller) -> Delete on reboot.
C:\Program Files\ErrorKiller\zlib.dll (Rogue.ErrorKiller) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0bb69e0c8f7404d4b92477b0f0bd1845 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\0bb69e0c8f7404d4b92477b0f0bd1845 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieaa19.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieaa19.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\errorkiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\errorkiller\ (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programdata\microsoft\windows\start menu\programs\errorkiller\ (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programdata\microsoft\windows\start menu\programs\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\VIEAA19.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.url (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\SpyCleaner.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\vistaCPtasks.xml (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\DataBase.ref (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\ErrorKiller.exe (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\ErrorKiller.url (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\RegCleaner.dll (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\TCL.dll (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\zlib.dll (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Log\2008 Sep 02 - 03_17_29 PM_005.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Log\2008 Sep 02 - 04_00_52 PM_183.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Log\2008 Sep 02 - 04_01_15 PM_112.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Log\2008 Sep 02 - 04_42_12 PM_295.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Log\2008 Sep 02 - 04_47_04 PM_015.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\0.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\0.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\1.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\1.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\2.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\2.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\3.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\AdwareAlert\Quarantine\02-09-2008-19-15-26\3.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorKiller\ErrorKiller on the Web.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorKiller\ErrorKiller.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Log\2008 Sep 02 - 03_51_55 PM_462.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Log\2008 Sep 02 - 04_00_43 PM_679.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Log\2008 Sep 02 - 04_44_09 PM_189.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Registry Backups\2008-09-02_15-54-08.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Registry Backups\2008-09-02_15-57-36.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Registry Backups\2008-09-02_16-24-54.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Roaming\ErrorKiller\Registry Backups\2008-09-02_16-45-38.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Matt\AppData\Local\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

bamajim · Answer

picaro12   You are most welcome. Please post a fresh Hiajckthis log so I can see that we got it all     Microsoft MVP Consumer-Security     SpywareHammer     'The world is what you make of it'

Virus & Spyware

Was this post helpful?