
Solved Mom's Machine Slow as Molasses....

Discussion in 'Malware and Virus Removal Archive' started by Blue Star, 2010/03/31.

  1. 2010/04/06
    Blue Star (Well-Known Member, Thread Starter)
    Joined: 2010/03/25 | Messages: 454 | Likes Received: 2

    Running DrWeb CureIt now... estimated run time... 2.5 hours... tty then... :)
     
  2. 2010/04/06
    broni (Moderator, Malware Analyst)
    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116

    We have to do it. This computer was heavily infected.
     


  4. 2010/04/09
    Blue Star (Well-Known Member, Thread Starter)
    Joined: 2010/03/25 | Messages: 454 | Likes Received: 2

    Ok... so far long, strange trip....

    On the first run of DrWeb... 1/5 thru complete scan it had found 16 items and cured or moved most. Then the fun began. Repeatedly shuts down. I have tried to run it 5 times in the last couple of days.

    Set up for complete scan again last night only to find the machine frozen this am. Had to unplug the machine and reboot to start.

    Here's the latest HJT... and I will check on the DrWeb report, but I doubt it was ever updated....


    HJT
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:24 PM, on 4/9/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX3\ffx6w4.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 6265 bytes


    Last DrWeb...

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3961

    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    4/6/2010 9:15:33 PM
    mbam-log-2010-04-06 (21-15-33).txt

    Scan type: Quick scan
    Objects scanned: 112142
    Time elapsed: 14 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 31
    Files Infected: 220

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Owner\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-22 12-37-170 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-24 13-00-110 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-27 13-59-170 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-04 12-40-210 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-16 16-02-530 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-08-17 12-29-420 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-10-31 21-25-400 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-16 12-30-130 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-24 15-28-330 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-47-060 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-48-260 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-03 21-29-590 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-15 22-44-310 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-20 14-23-200 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-60.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-61.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-62.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-63.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-64.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-65.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-66.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-67.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-68.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-69.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-70.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-71.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-72.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-73.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-74.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-75.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-76.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-77.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-78.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-79.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-80.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-81.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-82.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-83.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-84.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-85.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-86.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-87.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-88.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-89.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-90.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-91.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-92.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-22 12-37-170\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-24 13-00-110\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-24 13-00-110\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-27 13-59-170\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-04 12-40-210\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-16 16-02-530\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-08-17 12-29-420\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-10-31 21-25-400\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-16 12-30-130\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-24 15-28-330\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-47-060\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-48-260\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-03 21-29-590\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-15 22-44-310\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-20 14-23-200\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 03_06_16 PM_921.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 04_12_50 PM_046.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_24_39 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_16 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_48 AM_796.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 10_42_03 AM_484.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Registry Backups\2008-04-17_01-23-24.reg (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 03_06_16 PM_921.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 04_12_50 PM_046.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_24_39 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_16 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_48 AM_796.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 10_42_03 AM_484.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Registry Backups\2008-04-17_01-23-24.reg (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 03_06_16 PM_921.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 04_12_50 PM_046.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_24_39 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_16 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_48 AM_796.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 10_42_03 AM_484.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Registry Backups\2008-04-17_01-23-24.reg (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\definitions.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\ErrorFix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\ErrorFix.url (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\privacy.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix Help.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix on the Web.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
     
  5. 2010/04/09
    Blue Star

    Never one to complain, I am eternally grateful for your time Broni. If I make any reference to time, it's only to explain my absence....:)

    Working on Mom's machine has kept me from mine...lol.. will get back to you on that soon... this am got the warning message again... will get to that later, though...
     
  6. 2010/04/09
    Blue Star

    I am running DrWeb once again after a few changes in settings... hope it works...

    20% thru completion so far.
     
  7. 2010/04/09
    Blue Star

    If you sit long enough in the same spot, the whole world will pass you by..haha

    I have a warning from the tray on the lower right corner which says virtual memory is too low to perform certain tasks.
     
  8. 2010/04/09
    Blue Star

    Moving right along.... 45% and 5 items found. Moving at a faster clip today as well.
     
  9. 2010/04/09
    broni

    OK, keep me posted....
     
  10. 2010/04/11
    Blue Star

    finally this... from DrWeb.
    I am asked to select all then cure it...do I perform that task before restart?



    KillWind.exe;C:\hp\bin;Tool.ProcessKill;;
    uninstall.exe;C:\Program Files\blstoolbar;Adware.VMN;;
    aoltsmon.dll;C:\Program Files\Common Files\AOL\TopSpeed\2.0;Probably DLOADER.Trojan;;
    GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;;
    InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
    HCUpgrade3.1.exe\{tmp}\BellSouth\ForceSync.exe;C:\Program Files\Support.com\bin\HCUpgrade3.1.exe;Trojan.PWS.Gamania;;
    hcsetup3.1.exe\{pf}\Support.com\bin\sdcmon.dll;C:\Program Files\Support.com\bin\HCUpgrade3.1.exe/{tmp}\BellSouth\hcsetup3.1.exe;Probably DLOADER.Trojan;;
    {tmp}\BellSouth\hcsetup3.1.exe;C:\Program Files\Support.com\bin\HCUpgrade3.1.exe/{tmp}\BellSouth;Archive contains infected objects;;
    HCUpgrade3.1.exe;C:\Program Files\Support.com\bin;Archive contains infected objects;Moved.;
    sdcmon.dll;C:\Program Files\Support.com\bin;Probably DLOADER.Trojan;;
     
  11. 2010/04/11
    broni

    Yes, please.
     
  12. 2010/04/11
    Blue Star

    hjt....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:31:24 PM, on 4/11/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 6097 bytes
     
  13. 2010/04/11
    broni

    OK, last scan....

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  14. 2010/04/11
    broni

    You already posted HJT log.
    Please, read my previous reply.
     
  15. 2010/04/12
    Blue Star

    Kaspersky will not run.... (not responding) and it shuts down browser and restart takes about 25 minutes each time
     
  16. 2010/04/12
    broni

    I assume, you ran TFC?

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Post fresh HJT log as well.
     
  17. 2010/04/12
    Blue Star

    yes... ran tfc each time kaspersky froze...running eset now
     
  18. 2010/04/12
    Blue Star

    had to uninstall avast...sorry, I know the rules, but even in its disabled state each online virus scanner detected it and stopped running!
     
  19. 2010/04/12
    broni

    That's fine. Reinstall it afterwards.
     
  20. 2010/04/13
    Blue Star

    ESETscan and HJT.....
    04 13 2010


    C:\Documents and Settings\Owner\DoctorWeb\Quarantine\AIM.exe Win32/Adware.WBug.A application deleted - quarantined
    C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\runner.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
    C:\Program Files\blstoolbar\blstoolbar.dll probably a variant of Win32/Adware.BHO.MegaSearch application cleaned by deleting - quarantined
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined




    hjt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:33:52 PM, on 4/13/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 6127 bytes
     
  21. 2010/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You forgot to reinstall Avast. Make sure you do it.

    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    ===============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe


    5. Click on the Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
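
Added example, not part of either post and not HijackThis code: a small Python parser for the log format shown above that groups entries by section code and notes two structural conditions worth a manual look. The two conditions (a registration ending in "(no file)" and a Run command with no full path) are assumptions chosen for illustration, not the analyst's stated criteria, and a note means "verify this entry", not "malicious".

```python
import re

# HijackThis section codes seen in the log above, with what each one lists.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O9": "IE extra button/menu item",
            "O12": "IE plugin", "O16": "ActiveX download (DPF)",
            "O23": "service"}

# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
"""

ENTRY = re.compile(r"^\s*([RO]\d+) - (.*)$")              # "<code> - <rest>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.*)$")   # "HKLM\..\Run: [name] cmd"
FULL_PATH = re.compile(r"^[A-Za-z]:\\")                   # drive-qualified path

def parse(log):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "kind": SECTIONS.get(code, "other"),
                 "label": body, "notes": []}
        if body.endswith("(no file)"):
            entry["notes"].append("registration points at a missing file")
        run = RUN.match(body) if code == "O4" else None
        if run:
            entry["label"], cmd = run.groups()
            exe = cmd.split('"')[1] if cmd.startswith('"') else (cmd.split() or [""])[0]
            if not FULL_PATH.match(exe):
                entry["notes"].append("command has no full path")
        entries.append(entry)
    return entries

def needs_review(log):
    """Entries with at least one note, as (code, label, first note)."""
    return [(e["code"], e["label"], e["notes"][0]) for e in parse(log) if e["notes"]]
```
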
     
