
Solved Mom's Machine Slow as Molasses....

Discussion in 'Malware and Virus Removal Archive' started by Blue Star, 2010/03/31.

  1. 2010/03/31
    Blue Star (Well-Known Member, Thread Starter)

    [Resolved] Mom's Machine Slow as Molasses....

    Hey Broni... Here are the log files from Mom's machine we discussed earlier. Thanks for taking a look.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 20:53:47.44 on Wed 03/31/2010
    Internet Explorer: 6.0.2800.1106
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.247.69 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://qus8.hpwis.com/
    uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
    uSearch Bar = hxxp://srch-qus8.hpwis.com/
    mSearch Bar = hxxp://srch-qus8.hpwis.com/
    uInternet Settings,ProxyOverride = localhost
    BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    uRun: [Acme.PCHButton] c:\progra~1\instan~1\presario\xphnars3en\plugin\bin\PCHButton.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\1940576\program\BackWeb-1940576.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    Trusted Zone: securesite.com
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\2m43amru.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
    FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-16 114768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-2 138680]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-2 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-2 352920]
    S2 mrtRate;mrtRate; [x]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-04-01 01:48:30 137447 -c--a-w- c:\windows\HPHins15.dat
    2002-06-27 15:58:48 41389 -c--a-w- c:\program files\lxaxsdrv.cat
    2002-05-16 02:28:32 5740 -c--a-w- c:\program files\lxaxsdrv.ini
    2002-05-15 06:57:56 9068 -c--a-w- c:\program files\lxaxspsz.gpd
    2002-04-02 02:30:42 8494 -c--a-w- c:\program files\lxaxsdrv.inf
    2002-03-15 10:36:56 4179 -c--a-w- c:\program files\lxaxsdrv.gpd
    2008-08-05 19:23:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2008-08-05 01:29:08 49152 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat
    2008-08-05 19:22:53 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

    ============= FINISH: 20:55:08.29 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/8/2008 12:20:54 PM
    System Uptime: 3/31/2010 8:40:54 PM (0 hours ago)

    Motherboard: TriGem Computer Inc. | | Glendale motherboard
    Processor: Intel(R) Celeron(R) CPU 2.50GHz | WMT478/NWD | 2491/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 70 GiB total, 58.741 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 1.302 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP180: 12/30/2009 3:04:35 PM - System Checkpoint
    RP181: 1/1/2010 12:26:35 PM - System Checkpoint
    RP182: 1/6/2010 8:47:16 AM - System Checkpoint
    RP183: 1/7/2010 9:39:12 AM - System Checkpoint
    RP184: 1/9/2010 4:32:12 PM - System Checkpoint
    RP185: 1/13/2010 11:19:15 AM - System Checkpoint
    RP186: 1/15/2010 9:28:02 AM - System Checkpoint
    RP187: 1/16/2010 1:23:06 PM - System Checkpoint
    RP188: 1/18/2010 5:32:30 PM - System Checkpoint
    RP189: 1/19/2010 8:27:46 PM - System Checkpoint
    RP190: 1/21/2010 2:35:47 PM - System Checkpoint
    RP191: 1/23/2010 3:11:49 PM - System Checkpoint
    RP192: 1/24/2010 3:46:45 PM - System Checkpoint
    RP193: 1/25/2010 3:52:22 PM - System Checkpoint
    RP194: 1/27/2010 5:29:18 PM - System Checkpoint
    RP195: 1/29/2010 10:06:05 AM - System Checkpoint
    RP196: 1/31/2010 2:42:52 AM - Installed Singlesnet
    RP197: 2/1/2010 11:50:04 PM - System Checkpoint
    RP198: 2/6/2010 11:00:32 PM - System Checkpoint
    RP199: 2/8/2010 1:26:06 PM - System Checkpoint
    RP200: 2/9/2010 11:03:35 PM - System Checkpoint
    RP201: 2/11/2010 5:23:30 PM - System Checkpoint
    RP202: 2/15/2010 11:59:42 AM - System Checkpoint
    RP203: 2/17/2010 12:36:56 PM - System Checkpoint
    RP204: 2/20/2010 3:01:06 PM - System Checkpoint
    RP205: 2/22/2010 9:35:40 AM - System Checkpoint
    RP206: 2/26/2010 6:02:04 PM - System Checkpoint
    RP207: 2/28/2010 11:05:14 AM - System Checkpoint
    RP208: 3/1/2010 2:17:21 PM - System Checkpoint
    RP209: 3/3/2010 11:38:49 AM - System Checkpoint
    RP210: 3/5/2010 2:51:33 PM - System Checkpoint
    RP211: 3/10/2010 10:44:14 AM - System Checkpoint
    RP212: 3/12/2010 2:20:12 PM - System Checkpoint
    RP213: 3/14/2010 8:10:38 AM - System Checkpoint
    RP214: 3/15/2010 1:37:00 PM - System Checkpoint
    RP215: 3/17/2010 1:39:18 PM - System Checkpoint
    RP216: 3/19/2010 5:13:39 PM - System Checkpoint
    RP217: 3/21/2010 10:06:23 AM - System Checkpoint
    RP218: 3/22/2010 11:44:12 AM - System Checkpoint
    RP219: 3/23/2010 12:35:31 PM - System Checkpoint
    RP220: 3/25/2010 11:24:47 AM - System Checkpoint
    RP221: 3/27/2010 7:37:32 AM - System Checkpoint
    RP222: 3/28/2010 9:20:49 AM - System Checkpoint
    RP223: 3/29/2010 2:29:16 PM - System Checkpoint

    ==== Installed Programs ======================


    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    ATT-PRT22
    ATT-RemoteControl
    avast! Antivirus
    BufferChm
    Compaq Connections
    CustomerResearchQFolder
    D1400
    D1400_Help
    DeviceDiscovery
    DeviceManagementQFolder
    dj_sf_ProductContext
    dj_sf_software
    dj_sf_software_req
    ErrorFix
    eSupportQFolder
    HP Customer Participation Program 9.0
    HP Deskjet Printer Driver Software 9.0
    HP Deskjet printer preloaded drivers
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Assistant
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    Instant Support
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Player
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft Works 7.0
    Mozilla Firefox (3.6)
    NVIDIA Windows 2000/XP Display Drivers
    OmniPass
    PanoStandAlone
    PC-Doctor for Windows
    PSSWCORE
    Python 2.2 combined Win32 extensions
    Quicken 2003 New User Edition
    RealOne Player
    RecordNow
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Simple Installer - Multilanguage Version
    Singlesnet
    SolutionCenter
    Sonic Update Manager
    Status
    Toolbox
    TrayApp
    UnloadSupport
    VideoToolkit01
    Viewpoint Media Player
    WebFldrs XP
    Weblink
    WebReg
    Windows XP Hotfix - KB822603
    Windows XP Hotfix (SP2) [See q329256 for more information]
    Windows XP Hotfix (SP2) Q327979
    Windows XP Hotfix (SP2) Q329909
    Windows XP Hotfix (SP2) Q331958
    Windows XP Hotfix (SP2) Q811789
    Yahoo! Companion

    ==== Event Viewer Messages From Past Week ========

    3/31/2010 3:43:56 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    3/29/2010 6:10:20 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    3/29/2010 6:10:20 AM, error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
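A small triage script for the DDS log above, added here as an example and not part of the thread, of DDS, or of any tool the helpers use. It splits a DDS log into its `=== Title ===` sections and applies the checks a malware-removal helper makes by eye on this log: registrations whose file is gone (`- No File`), entries in IE's Trusted Zone, proxy settings, Run keys that name a bare executable instead of an absolute path, services whose binary DDS could not find (`[x]`), and Service Control Manager 7000 events that corroborate such a missing binary. `SAMPLE_LOG` is a constructed excerpt of lines copied from the posted log; the rule names and the `Finding` type are this example's own.

```python
"""Triage of a DDS log: flag the entries a malware-removal helper reads first.

Added example for this thread; it is not part of DDS, ComboFix or the forum's
own tooling. SAMPLE_LOG is a constructed excerpt of lines copied from the log
posted above (DDS writes 'hxxp' for 'http' so URLs are not clickable).
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = localhost
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
Trusted Zone: securesite.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-16 114768]
S2 mrtRate;mrtRate; [x]
S3 PCDRDRV;Pcdr Helper Driver; [x]

==== Event Viewer Messages From Past Week ========

3/31/2010 3:43:56 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
3/29/2010 6:10:20 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "S2 mrtRate;mrtRate; [x]": start type, name, display name, then path or "[x]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;\s*(.*)$")
RUN_RE = re.compile(r"^[um]Run:\s+\[([^\]]*)\]\s+(.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SCM_EVENT_RE = re.compile(r"Service Control Manager \[(\d+)\] - The (.+?) service ")


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule id (this example's own naming)
    subject: str   # CLSID, run-key name, service name or hostname
    line: str      # the DDS line the finding came from


def split_sections(text):
    """Map each '=== Title ===' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return Findings in log order; the rules mirror what a helper checks by eye."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("- No File"):
            # Registration whose file is gone: leftover of a removed add-on.
            m = CLSID_RE.search(line)
            findings.append(Finding("orphan-registration", m.group(0) if m else "?", line))
        elif line.startswith("Trusted Zone:"):
            # Anything in IE's Trusted zone runs with relaxed security settings.
            findings.append(Finding("trusted-zone", line.split(":", 1)[1].strip(), line))
        elif "Proxy" in line:
            findings.append(Finding("proxy-setting", line.split("=", 1)[0].strip(), line))
        else:
            m = RUN_RE.match(line)
            if m and not ABS_PATH_RE.match(m.group(2)):
                # A bare file name is resolved through the path search order at
                # logon; confirm on the machine where the binary actually lives.
                findings.append(Finding("run-key-relative-path", m.group(1), line))
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group(2) == "[x]":
            # DDS prints [x] where the registered binary was not found on disk.
            findings.append(Finding("service-binary-missing", m.group(1), line))
    missing = {f.subject for f in findings if f.rule == "service-binary-missing"}
    for line in sections.get("Event Viewer Messages From Past Week", []):
        m = SCM_EVENT_RE.search(line)
        if m and m.group(1) == "7000" and m.group(2) in missing:
            # SCM event 7000 for the same service corroborates the [x] marker.
            findings.append(Finding("service-start-failure", m.group(2), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.subject:40} {f.line[:60]}")
```

Run on the excerpt it reports the orphaned BHO, the two Run keys that name only `rundll32.exe`/`ALCXMNTR.EXE`, the `securesite.com` Trusted Zone entry, the proxy override, both `[x]` services, and the 7000 event for mrtRate; the legitimate avast! and HP entries are not flagged. The rules only narrow down what to look at: a flagged Run key with a relative path is as often an OEM leftover as malware, so each hit still has to be resolved against the actual file on disk.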
     
  2. 2010/03/31
    broni (Moderator, Malware Analyst)

    Make sure, "word wrap" is disabled in Notepad, because logs are hard to read.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    ============================================================

    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     


  4. 2010/04/01
    Blue Star (Well-Known Member, Thread Starter)

    Thanks Broni.... going to Mom's this pm and will run CF and HJT and post logs.
     
  5. 2010/04/01
    broni (Moderator, Malware Analyst)

    Ok :).....
     
  6. 2010/04/01
    Blue Star (Well-Known Member, Thread Starter)

    Here's Mom's first CF and HJT logs... tons of goo....:eek:

    CF took 90 minutes to run and generate a report!



    ComboFix 10-03-29.04 - Owner 04/01/2010 17:05:24.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.247.133 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Application Data\alot
    c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml
    c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml
    c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml
    c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_10\Button_10.xml
    c:\documents and settings\Owner\Application Data\alot\Button_10\Button_10.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_11\Button_11.xml
    c:\documents and settings\Owner\Application Data\alot\Button_11\Button_11.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml
    c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml
    c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml
    c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml
    c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml
    c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml
    c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml
    c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Button_9\Button_9.xml
    c:\documents and settings\Owner\Application Data\alot\Button_9\Button_9.xml.backup
    c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml
    c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml.backup
    c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml
    c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
    c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml
    c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
    c:\documents and settings\Owner\Application Data\alot\products\products.xml
    c:\documents and settings\Owner\Application Data\alot\products\products.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_251_alot_lottery_results.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\alert-icon.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\clear.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_281_alot_weather_widget.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\mcloud.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\nclear.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\nfoggy.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\nmcloud.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\npcloud.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\ntstorm.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\pcloud.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_257_alot_lottery_numbers.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_258_alot_lottery_news.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_259_alot_lottery_sweeps.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_260_alot_lottery_mrkt_dice.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_453_alot_mrkt_180.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_527_alot_mrkt_180.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\domains.dat
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
    c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
    c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml
    c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup
    c:\documents and settings\Owner\Application Data\alot\toolbar.xml
    c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
    c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
    c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml
    c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml.backup
    c:\program files\alot
    c:\program files\alot\alotUninst.exe
    c:\program files\alot\bin\alot.dll
    c:\program files\Downloaded Installers
    c:\program files\Downloaded Installers\{D1EB1C2B-275A-4B8B-B4C3-02BC2C1BA86D}\setup.msi
    c:\program files\Internet Explorer\msimg32.dll
    c:\program files\SelectRebates
    c:\program files\SelectRebates\FFToolbar\chrome.manifest
    c:\program files\SelectRebates\FFToolbar\chrome\content\options.js
    c:\program files\SelectRebates\FFToolbar\chrome\content\options.xul
    c:\program files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.js
    c:\program files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.xul
    c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\contents.rdf
    c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd
    c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd.skin
    c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.properties
    c:\program files\SelectRebates\FFToolbar\chrome\skin\3rdParty.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\add-folderplus.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\add-plussign.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\alert-blue.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\alert-red.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\bluebar.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\dollarsign.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\FindWords.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\gripper.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\icon-magnifying.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\invite.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\invite2.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\my-blue.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\my-gray.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\my-green.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\my-red.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\Options.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\S.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-LogoHotSpots.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-logotext.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v1.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v2.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\sahtoolbar.css
    c:\program files\SelectRebates\FFToolbar\chrome\skin\Scissors.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\Search.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\shoppingcart.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\singleperson.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\star.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\thumb2.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\Thumbs.db
    c:\program files\SelectRebates\FFToolbar\chrome\skin\toolbar-images-ALL.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\Toolbar_HelpAndFeedback.png
    c:\program files\SelectRebates\FFToolbar\chrome\skin\Wrench.png
    c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files\SelectRebates\FFToolbar\install.rdf
    c:\program files\SelectRebates\SahImages\bg-gradient.gif
    c:\program files\SelectRebates\SahImages\button-close.gif
    c:\program files\SelectRebates\SahImages\button-finish.gif
    c:\program files\SelectRebates\SahImages\icon-desktop.gif
    c:\program files\SelectRebates\SahImages\sah-logopop.gif
    c:\program files\SelectRebates\SahImages\sah-logopoplg.gif
    c:\program files\SelectRebates\SahImages\SAHS_popuplogo2.gif
    c:\program files\SelectRebates\SelectAlerts.dat
    c:\program files\SelectRebates\SelectRebates.dll
    c:\program files\SelectRebates\SelectRebates.ini
    c:\program files\SelectRebates\SelectRebatesA.dat
    c:\program files\SelectRebates\SelectRebatesApi.exe
    c:\program files\SelectRebates\SelectRebatesApi.ini
    c:\program files\SelectRebates\SelectRebatesB.dat
    c:\program files\SelectRebates\SelectRebatesBT.dat
    c:\program files\SelectRebates\SelectRebatesH.dat
    c:\program files\SelectRebates\SelectRebatesUninstall.exe
    c:\program files\SelectRebates\Toolbar\Add.bmp
    c:\program files\SelectRebates\Toolbar\AdvancedOptions.html
    c:\program files\SelectRebates\Toolbar\basis.xml
    c:\program files\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files\SelectRebates\Toolbar\Blank.bmp
    c:\program files\SelectRebates\Toolbar\button-CloseWindow.gif
    c:\program files\SelectRebates\Toolbar\i_clipboard.bmp
    c:\program files\SelectRebates\Toolbar\i_help.bmp
    c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files\SelectRebates\Toolbar\icons.bmp
    c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
    c:\program files\SelectRebates\Toolbar\Invite.bmp
    c:\program files\SelectRebates\Toolbar\logo.bmp
    c:\program files\SelectRebates\Toolbar\logo_24.bmp
    c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files\SelectRebates\Toolbar\MyNew.bmp
    c:\program files\SelectRebates\Toolbar\MyNone.bmp
    c:\program files\SelectRebates\Toolbar\MyPage.bmp
    c:\program files\SelectRebates\Toolbar\Rate.bmp
    c:\program files\SelectRebates\Toolbar\RightControls.dym
    c:\program files\SelectRebates\Toolbar\sah_logo_bars.gif
    c:\program files\SelectRebates\Toolbar\Scissors.bmp
    c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\program files\SelectRebates\Toolbar\Tools.bmp
    c:\program files\SelectRebates\Toolbar\Tools2.bmp
    c:\recycler\S-1-5-21-584944205-4175151445-2542967469-1003
    c:\windows\jestertb.dll
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\config\systemprofile\Application Data\alot
    c:\windows\system32\config\systemprofile\Application Data\alot\BrowserSearch\BrowserSearch.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_0\Button_0.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_0\Button_0.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_1\Button_1.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_1\Button_1.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_10\Button_10.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_10\Button_10.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_11\Button_11.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_11\Button_11.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_2\Button_2.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_2\Button_2.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_3\Button_3.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_3\Button_3.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_4\Button_4.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_4\Button_4.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_5\Button_5.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_5\Button_5.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_6\Button_6.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_6\Button_6.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_7\Button_7.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_7\Button_7.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_8\Button_8.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_8\Button_8.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_9\Button_9.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Button_9\Button_9.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\configurator\configurator.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\configurator\configurator.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\ErrorSearch\ErrorSearch.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\postInstallLayout\postInstallLayout.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\products\products.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\products\products.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_2\images\default_251_alot_lottery_results.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\alert-icon.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\clear.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\default_281_alot_weather_widget.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\mcloud.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\nclear.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\nfoggy.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\nmcloud.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\npcloud.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\ntstorm.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_3\images\pcloud.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_4\images\default_257_alot_lottery_numbers.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_5\images\default_258_alot_lottery_news.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_6\images\default_259_alot_lottery_sweeps.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_7\images\default_260_alot_lottery_mrkt_dice.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_8\images\default_453_alot_mrkt_180.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Button_8\images\default_527_alot_mrkt_180.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\domains.dat
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\alot_brand.png
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\spinner.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_caption.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
    c:\windows\system32\config\systemprofile\Application Data\alot\TimerManager\TimerManager.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\TimerManager\TimerManager.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\toolbar.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
    c:\windows\system32\config\systemprofile\Application Data\alot\Updater\Updater.xml
    c:\windows\system32\config\systemprofile\Application Data\alot\Updater\Updater.xml.backup
    c:\windows\system32\config\systemprofile\Desktop\Antivirus 2009.lnk
    c:\windows\system32\config\systemprofile\Start Menu\Antivirus 2009
    c:\windows\system32\config\systemprofile\Start Menu\Antivirus 2009\Antivirus 2009.lnk
    c:\windows\system32\config\systemprofile\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
    D:\Autorun.inf

    c:\windows\system32\qmgr.dll . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-01 01:53 . 2003-07-19 18:55 31616 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-01 01:48 . 2008-04-27 15:40 137447 -c--a-w- c:\windows\HPHins15.dat
    2002-06-27 15:58 . 2002-06-27 15:58 41389 -c--a-w- c:\program files\lxaxsdrv.cat
    2002-05-16 02:28 . 2002-05-16 02:28 5740 -c--a-w- c:\program files\lxaxsdrv.ini
    2002-05-15 06:57 . 2002-05-15 06:57 9068 -c--a-w- c:\program files\lxaxspsz.gpd
    2002-04-02 02:30 . 2002-04-02 02:30 8494 -c--a-w- c:\program files\lxaxsdrv.inf
    2002-03-15 10:36 . 2002-03-15 10:36 4179 -c--a-w- c:\program files\lxaxsdrv.gpd
    .

    ------- Sigcheck -------

    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
    [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
    [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys

    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

    [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
    [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
    [-] 2002-11-27 09:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-03-03 831557]
    "Acme.PCHButton"="c:\progra~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe" [2003-04-10 159744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 151597]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]
    "nwiz"="nwiz.exe" [2003-03-03 323584]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-12 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-4-10 16384]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/16/2009 8:54 AM 114768]
    S2 mrtRate;mrtRate; [x]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-12 c:\windows\Tasks\easy Internet sign-up.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-22 07:34]

    2010-03-23 c:\windows\Tasks\ErrorFix Scan.job
    - c:\program files\ErrorFix\ErrorFix.exe [2009-05-08 13:28]

    2010-04-01 c:\windows\Tasks\PCHealth Scheduler for Upload Library.job
    - c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe [2001-01-06 12:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
    mSearch Bar = hxxp://srch-qus8.hpwis.com/
    uInternet Settings,ProxyOverride = localhost
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    Trusted Zone: securesite.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2m43amru.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-01 17:44
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(512)
    c:\windows\System32\ODBC32.dll
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\windows\System32\msctfime.ime
    c:\program files\Softex\OmniPass\opxpgina.dll

    - - - - - - - > 'lsass.exe'(568)
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\windows\System32\dssenh.dll

    - - - - - - - > 'explorer.exe'(55932)
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\docume~1\Owner\LOCALS~1\Temp\IadHide4.dll
    c:\windows\System32\msctfime.ime
    c:\windows\System32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Softex\OmniPass\Omniserv.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Softex\OmniPass\OPXPApp.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-01 18:14:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-01 23:14

    Pre-Run: 62,992,920,576 bytes free
    Post-Run: 63,886,069,760 bytes free

    - - End Of File - - E02C4C1B90ACF491701A3054B155CF9B




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:25:43 PM, on 4/1/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 6055 bytes


    Thanks, so far!:D
     
  7. 2010/04/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      qmgr.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  8. 2010/04/05
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    SystemLook Log....

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 13:53 on 07/04/2010 by Owner (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "qmgr.dll"
    C:\WINDOWS\ERDNT\cache\qmgr.dll --a--- 221696 bytes [23:11 01/04/2010] [12:00 29/08/2002] 6A1CF14D0E7D0B2241F552223769C8A7
    C:\WINDOWS\ServicePackFiles\i386\qmgr.dll -----c 382464 bytes [07:56 04/08/2004] [07:56 04/08/2004] 2C69EC7E5A311334D10DD95F338FCCEA
    C:\WINDOWS\system32\bits\qmgr.dll -----c 361984 bytes [21:11 22/08/2004] [22:08 01/07/2004] 696AC82FB290A03F205901442E0E9589
    C:\WINDOWS\system32\qmgr.dll ------ 221696 bytes [06:27 06/01/2001] [12:00 29/08/2002] 6A1CF14D0E7D0B2241F552223769C8A7

    -=End Of File=-
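The filefind output above can be cross-checked mechanically rather than by eye. The following Python is an added example, not code from the thread, from SystemLook or from OTM: it parses the four result lines as posted (embedded below as a constructed sample), takes the ServicePackFiles\i386 copy as the baseline, and reports which copies differ from it and which other paths hold byte-identical copies, which is how the ERDNT\cache backup shows up as carrying the same bytes as the live system32 file.

```python
r"""Cross-check every copy of a system file listed by SystemLook ':filefind'
against the service-pack original under ServicePackFiles\i386.

Added example, not code from the thread or from SystemLook. An MD5
mismatch is a lead, not a verdict: older hotfix copies such as
system32\bits\qmgr.dll legitimately differ from the service-pack copy,
so file version and vendor signature still decide before anything is
replaced. Byte-identical twins matter too: a backup cache holding the
same bytes as a suspect live copy would reintroduce it on restore.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the four result lines from the SystemLook log above.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "qmgr.dll"
C:\WINDOWS\ERDNT\cache\qmgr.dll --a--- 221696 bytes [23:11 01/04/2010] [12:00 29/08/2002] 6A1CF14D0E7D0B2241F552223769C8A7
C:\WINDOWS\ServicePackFiles\i386\qmgr.dll -----c 382464 bytes [07:56 04/08/2004] [07:56 04/08/2004] 2C69EC7E5A311334D10DD95F338FCCEA
C:\WINDOWS\system32\bits\qmgr.dll -----c 361984 bytes [21:11 22/08/2004] [22:08 01/07/2004] 696AC82FB290A03F205901442E0E9589
C:\WINDOWS\system32\qmgr.dll ------ 221696 bytes [06:27 06/01/2001] [12:00 29/08/2002] 6A1CF14D0E7D0B2241F552223769C8A7

-=End Of File=-
"""

# One result line: <path> <6 attribute flags> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-A-Za-z]{6})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Directory of the service-pack original, lower-case for case-insensitive matching.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"


@dataclass
class FileCopy:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str


def parse_filefind(report: str) -> List[FileCopy]:
    """Extract every result line from a filefind report; other lines are ignored."""
    copies: List[FileCopy] = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            copies.append(FileCopy(m["path"], m["attrs"], int(m["size"]),
                                   m["created"], m["modified"], m["md5"].upper()))
    return copies


def reference_copy(copies: List[FileCopy]) -> FileCopy:
    """The ServicePackFiles\\i386 copy is the baseline the other copies are judged against."""
    for c in copies:
        if REFERENCE_DIR in c.path.lower():
            return c
    raise ValueError("no ServicePackFiles\\i386 copy in the report")


def group_by_md5(copies: List[FileCopy]) -> Dict[str, List[str]]:
    """Map each MD5 to every path carrying exactly those bytes."""
    groups: Dict[str, List[str]] = {}
    for c in copies:
        groups.setdefault(c.md5, []).append(c.path)
    return groups


def twins_of(copies: List[FileCopy], path: str) -> List[str]:
    """Other paths holding a byte-identical copy of `path` (same MD5)."""
    groups = group_by_md5(copies)
    md5 = next(c.md5 for c in copies if c.path.lower() == path.lower())
    return [p for p in groups[md5] if p.lower() != path.lower()]


def assess(copies: List[FileCopy]) -> Dict[str, str]:
    """Verdict per path: 'reference', 'matches', or 'differs: ...' with details."""
    ref = reference_copy(copies)
    verdicts: Dict[str, str] = {}
    for c in copies:
        if c is ref:
            verdicts[c.path] = "reference"
        elif c.md5 == ref.md5:
            verdicts[c.path] = "matches"
        else:
            twins = ", ".join(twins_of(copies, c.path)) or "no other path"
            verdicts[c.path] = (
                f"differs: size {c.size} vs {ref.size}, modified {c.modified} "
                f"vs {ref.modified}; same bytes also at {twins}"
            )
    return verdicts


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for file_path, verdict in assess(found).items():
        print(f"{file_path}\n    {verdict}")
```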
     
  9. 2010/04/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
          
    :Reg
    
    :Files
    c:\windows\system32\qmgr.dll|C:\WINDOWS\ServicePackFiles\i386\qmgr.dll /replace
    C:\WINDOWS\ERDNT\cache\qmgr.dll|C:\WINDOWS\ServicePackFiles\i386\qmgr.dll /replace
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     
  10. 2010/04/05
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    Wow!!s to reboot and return to this point after running OTM...



    Log:

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File c:\windows\system32\qmgr.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
    File C:\WINDOWS\ERDNT\cache\qmgr.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 6420160 bytes
    ->Temporary Internet Files folder emptied: 3114682 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 41810 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 04072010_162720

    Files moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\896B89AB\newreply[1].php moved successfully.
    C:\WINDOWS\temp\_avast4_\Webshlock.txt moved successfully.
    C:\WINDOWS\temp\Perflib_Perfdata_454.dat moved successfully.

    Registry entries deleted on Reboot...
     
  11. 2010/04/05
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    *took 1.25 hours to reboot... lol
     
  12. 2010/04/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sorry for that :)

    Please, re-run Combofix and post fresh log.
     
  13. 2010/04/05
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    ComboFix Log .....

    ComboFix 10-04-04.01 - Owner 04/05/2010 19:47:26.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.247.13 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\qmgr.dll . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-01 23:25 . 2010-04-01 23:25 -------- d-----w- c:\program files\Trend Micro
    2010-04-01 01:53 . 2003-07-19 18:55 31616 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-01 01:48 . 2008-04-27 15:40 137447 -c--a-w- c:\windows\HPHins15.dat
    2002-06-27 15:58 . 2002-06-27 15:58 41389 -c--a-w- c:\program files\lxaxsdrv.cat
    2002-05-16 02:28 . 2002-05-16 02:28 5740 -c--a-w- c:\program files\lxaxsdrv.ini
    2002-05-15 06:57 . 2002-05-15 06:57 9068 -c--a-w- c:\program files\lxaxspsz.gpd
    2002-04-02 02:30 . 2002-04-02 02:30 8494 -c--a-w- c:\program files\lxaxsdrv.inf
    2002-03-15 10:36 . 2002-03-15 10:36 4179 -c--a-w- c:\program files\lxaxsdrv.gpd
    .

    ------- Sigcheck -------

    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
    [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
    [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys

    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

    [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
    [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
    [-] 2002-11-27 09:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-03-03 831557]
    "Acme.PCHButton"="c:\progra~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe" [2003-04-10 159744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 151597]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]
    "nwiz"="nwiz.exe" [2003-03-03 323584]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-12 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-4-10 16384]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/16/2009 8:54 AM 114768]
    S2 mrtRate;mrtRate; [x]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-12 c:\windows\Tasks\easy Internet sign-up.job
    - c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-22 07:34]

    2010-04-06 c:\windows\Tasks\PCHealth Scheduler for Upload Library.job
    - c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe [2001-01-06 12:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/
    mSearch Bar = hxxp://srch-qus8.hpwis.com/
    uInternet Settings,ProxyOverride = localhost
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    Trusted Zone: securesite.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2m43amru.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-05 20:03
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(508)
    c:\windows\System32\ODBC32.dll
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\windows\System32\msctfime.ime
    c:\program files\Softex\OmniPass\opxpgina.dll

    - - - - - - - > 'lsass.exe'(564)
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\windows\System32\dssenh.dll

    - - - - - - - > 'explorer.exe'(3524)
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\docume~1\Owner\LOCALS~1\Temp\IadHide4.dll
    c:\windows\System32\msctfime.ime
    c:\windows\System32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Softex\OmniPass\Omniserv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Softex\OmniPass\OPXPApp.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-05 20:15:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-06 01:15
    ComboFix2.txt 2010-04-01 23:14

    Pre-Run: 64,225,759,232 bytes free
    Post-Run: 64,341,762,048 bytes free

    - - End Of File - - 3411B984405C28CA6A42C1B93E42B755



    :D:D:D:D
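    The "Sigcheck" block in the log above lists several copies of the same file (the live one under system32, the ServicePackFiles\i386 backup, hotfix staging folders). The fix broni applied to qmgr.dll earlier was exactly "live copy differs from the Service Pack copy, so restore it from there". The script below is an added example, not code from this thread, from ComboFix or from OTM: it parses sigcheck lines in the format shown above, groups them by file name, and for each live copy reports whether its MD5 equals the Service Pack copy, equals some other staged copy (a hotfix that post-dates the service pack, such as the KB900485 aec.sys above), or equals nothing on the box. Only the last case deserves the VirusTotal check or the OTM "/replace" line, which the script writes out in the same shape as the qmgr.dll directive. The sample input is the Sigcheck block copied from the log above; the directory names and the three-way verdict are assumptions of this example, and an MD5 match against a backup copy is a consistency check, not a signature check.

```python
"""Sort ComboFix "Sigcheck" entries into ok / hotfix / unknown.

Added example (not code from the thread, ComboFix or OTM). For every live
copy of a file under system32 or system32\\drivers it compares the MD5 with
the ServicePackFiles\\i386 copy and with any other staged copy on the box
($hf_mig$, Driver Cache, $NtUninstall*), and for the copies that match
nothing it writes the OTM ":Files ... /replace" line used above for qmgr.dll.
"""
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class SigEntry(NamedTuple):
    date: str
    md5: str
    size: int
    version: str
    path: str  # lower-cased Windows path


# Matches one sigcheck line, with or without the HH:MM after the date, e.g.
# [-] 2004-08-04 . 49911DD3... . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
SIG_RE = re.compile(
    r"^\[[-+?!]\]\s+(?P<date>\d{4}-\d\d-\d\d(?:\s+\d\d:\d\d)?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Assumed layout of an XP box; adjust if %SystemRoot% is not c:\windows.
LIVE_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}
REF_DIR = r"c:\windows\servicepackfiles\i386"


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Return one SigEntry per sigcheck line; every other line is ignored."""
    out = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            out.append(SigEntry(m["date"], m["md5"].upper(), int(m["size"]),
                                m["ver"], m["path"].lower()))
    return out


def otm_replace(live: SigEntry, ref: Optional[SigEntry]) -> Optional[str]:
    """OTM ':Files' directive restoring `live` from the SP copy (same shape as
    the qmgr.dll line in broni's script). None if there is no SP copy."""
    return None if ref is None else f"{live.path}|{ref.path} /replace"


def classify(entries: List[SigEntry]) -> Dict[str, dict]:
    """Verdict per live file path:
      ok       MD5 equals the ServicePackFiles copy
      hotfix   differs from the SP copy but equals another staged copy
      unknown  equals no other copy on the box: inspect (VirusTotal) or replace
    """
    by_name: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in entries:
        by_name[ntpath.basename(e.path)].append(e)
    report: Dict[str, dict] = {}
    for copies in by_name.values():
        ref = next((c for c in copies if ntpath.dirname(c.path) == REF_DIR), None)
        for live in (c for c in copies if ntpath.dirname(c.path) in LIVE_DIRS):
            if ref is not None and live.md5 == ref.md5:
                verdict, match = "ok", ref.path
            else:
                twin = next((c for c in copies if c is not live and c.md5 == live.md5), None)
                verdict, match = ("hotfix", twin.path) if twin else ("unknown", None)
            report[live.path] = {
                "verdict": verdict,
                "matches": match,
                "otm": otm_replace(live, ref) if verdict == "unknown" else None,
            }
    return report


# Sample input: the Sigcheck block copied from the ComboFix log above.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[-] 2002-11-27 09:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
"""


if __name__ == "__main__":
    for path, info in sorted(classify(parse_sigcheck(SAMPLE_LOG)).items()):
        print(f"{info['verdict']:8} {path}")
        if info["otm"]:
            print(f"         OTM: {info['otm']}")
```

    Run against the log above, wscntfy.exe comes out "ok", aec.sys comes out "hotfix" (its live copy matches the KB900485 copy in $hf_mig$, so it should not be rolled back to the older SP copy), and mspmsnsv.dll comes out "unknown" with a ready-made OTM replace line. "Unknown" means only that no copy on the machine vouches for the file; the thread's actual verdict on qmgr.dll came from the VirusTotal upload that follows, and that step still applies here.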
     
  14. 2010/04/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
    Upload the following file to http://www.virustotal.com/ for a security check:
    c:\windows\system32\qmgr.dll
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
    If the result says 0/42, you don't have to post logs.
     
  15. 2010/04/06
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    0/39...

    File qmgr.dll received on 2010.04.06 18:59:51 (UTC)


    Result: 0/39 (0%)


    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.04.06 -
    AhnLab-V3 5.0.0.2 2010.04.06 -
    AntiVir 7.10.6.31 2010.04.06 -
    Antiy-AVL 2.0.3.7 2010.04.06 -
    Authentium 5.2.0.5 2010.04.06 -
    Avast 4.8.1351.0 2010.04.06 -
    Avast5 5.0.332.0 2010.04.06 -
    AVG 9.0.0.787 2010.04.06 -
    BitDefender 7.2 2010.04.06 -
    CAT-QuickHeal 10.00 2010.04.06 -
    ClamAV 0.96.0.3-git 2010.04.06 -
    Comodo 4518 2010.04.06 -
    DrWeb 5.0.2.03300 2010.04.06 -
    eSafe 7.0.17.0 2010.04.06 -
    eTrust-Vet 35.2.7411 2010.04.06 -
    F-Prot 4.5.1.85 2010.04.06 -
    F-Secure 9.0.15370.0 2010.04.06 -
    Fortinet 4.0.14.0 2010.04.06 -
    GData 19 2010.04.06 -
    Ikarus T3.1.1.80.0 2010.04.06 -
    Jiangmin 13.0.900 2010.04.06 -
    Kaspersky 7.0.0.125 2010.04.06 -
    McAfee-GW-Edition 6.8.5 2010.04.06 -
    Microsoft 1.5605 2010.04.06 -
    NOD32 5005 2010.04.06 -
    Norman 6.04.11 2010.04.06 -
    nProtect 2009.1.8.0 2010.04.06 -
    Panda 10.0.2.2 2010.04.06 -
    PCTools 7.0.3.5 2010.04.06 -
    Prevx 3.0 2010.04.06 -
    Rising 22.42.01.04 2010.04.06 -
    Sophos 4.52.0 2010.04.06 -
    Sunbelt 6143 2010.04.06 -
    Symantec 20091.2.0.41 2010.04.06 -
    TheHacker 6.5.2.0.256 2010.04.06 -
    TrendMicro 9.120.0.1004 2010.04.06 -
    VBA32 3.12.12.4 2010.04.05 -
    ViRobot 2010.4.6.2263 2010.04.06 -
    VirusBuster 5.0.27.0 2010.04.06 -
    Additional information
    File size: 221696 bytes
    MD5...: 6a1cf14d0e7d0b2241f552223769c8a7
    SHA1..: 540939501e10011323c846ad19aed156ee4c3fc7
    SHA256: e6aba256525859492fed47e1c02cbea0c49c7562d97d33b5a5102a788c2f2945
    ssdeep: 3072:pDQJetGRveA0YNqlu0GRwPEm3EatE81osmEsmzB4HaUihqNjAHIcGnz:pGTwlkwn3EatE8xJ9UihTy

    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x58bb
    timedatestamp.....: 0x3d6df9e3 (Thu Aug 29 10:39:31 2002)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2e3c1 0x2e400 6.54 d52c07bdd941a68f5b6a253cb1edbe04
    .data 0x30000 0x101e4 0x200 2.82 09e0071523decf4569484f8caba37831
    .rsrc 0x41000 0x30b8 0x3200 3.28 d6fc0b471e9b13c2b604598b127aa70b
    .reloc 0x45000 0x441e 0x4600 6.21 11b908560e87d87d25abe61b74fef4f3

    ( 16 imports )
    > msvcrt.dll: malloc, _adjust_fdiv, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _except_handler3, wcslen, __CxxFrameHandler, free, _initterm, _wfullpath, wcsstr, _ftol, iswalpha, wcsncmp, _wcsicmp, memmove, swscanf, wcschr, wcstok, _CxxThrowException, wcsncpy, wcscmp, _purecall, _vsnwprintf
    > ntdll.dll: RtlCreateHeap, NtRaiseException
    > ADVAPI32.dll: OpenThreadToken, RegOpenKeyExW, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, FreeSid, CopySid, StartTraceW, EnableTrace, ControlTraceW, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, RegisterServiceCtrlHandlerExW, SetServiceStatus, CloseServiceHandle, ChangeServiceConfigW, OpenServiceW, OpenSCManagerW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, SetThreadToken, RevertToSelf, ImpersonateLoggedOnUser, SetSecurityDescriptorDacl, SetEntriesInAclW, GetTokenInformation, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, ImpersonateSelf, AccessCheck, MakeSelfRelativeSD, MakeAbsoluteSD, CheckTokenMembership, GetLengthSid, EqualSid, CreateProcessAsUserW, LogonUserW, OpenProcessToken, ConvertStringSidToSidW, ConvertSidToStringSidW, MapGenericMask, TraceEvent, RegSetValueExW, RegCreateKeyExW, GetTraceEnableFlags
    > KERNEL32.dll: GlobalMemoryStatus, GetFileTime, GetVersionExW, lstrlenW, CompareFileTime, UnhandledExceptionFilter, QueueUserWorkItem, CreateDirectoryW, QueryPerformanceFrequency, DeleteFileW, FreeLibrary, InterlockedDecrement, InterlockedIncrement, GetLastError, DisableThreadLibraryCalls, Sleep, SetEvent, CloseHandle, WaitForSingleObject, CreateEventW, GetSystemTimeAsFileTime, LockResource, LoadResource, FindResourceW, GetProcAddress, LoadLibraryW, ExpandEnvironmentStringsW, InterlockedCompareExchange, HeapAlloc, HeapFree, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetWaitableTimer, LocalFree, LoadLibraryExW, FormatMessageW, GetModuleFileNameW, GetCurrentThreadId, DuplicateHandle, GetCurrentProcess, CreateFileW, CreateWaitableTimerW, SetLastError, GetExitCodeThread, WaitForMultipleObjects, CreateThread, CancelWaitableTimer, FileTimeToSystemTime, SystemTimeToFileTime, GetTickCount, ReleaseMutex, ReleaseSemaphore, TlsGetValue, CreateSemaphoreW, TlsSetValue, WaitForMultipleObjectsEx, TlsFree, ResetEvent, CreateMutexW, TlsAlloc, GetCurrentThread, LocalAlloc, GetCurrentProcessId, SetEndOfFile, SetFilePointerEx, GetFileSizeEx, FlushFileBuffers, WriteFile, ReadFile, InitializeCriticalSection, SleepEx, CancelIo, WideCharToMultiByte, SetFilePointer, SetThreadPriority, GetFileType, GetVolumeInformationW, MoveFileExW, SetFileAttributesW, GetFileAttributesW, SetFileTime, GetVolumePathNameW, GetFullPathNameW, GetVolumeNameForVolumeMountPointW, GetTempFileNameW, GetFileInformationByHandle, GetDriveTypeW, GlobalFree, QueryPerformanceCounter, lstrcmpW
    > USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock
    > ole32.dll: CoTaskMemAlloc, CoRegisterClassObject, CoImpersonateClient, CoTaskMemFree, IIDFromString, CoRevokeClassObject, StringFromGUID2, CoInitializeEx, CoCreateInstance, StringFromIID, CoInitializeSecurity, CoUninitialize
    > OLEAUT32.dll: -, -, -, -
    > WTSAPI32.dll: WTSEnumerateSessionsW, WTSQuerySessionInformationW, WTSFreeMemory
    > RPCRT4.dll: UuidCreate, RpcBindingFree, RpcBindingSetAuthInfoExW, RpcBindingFromStringBindingW, NdrClientCall2
    > USER32.dll: PeekMessageW, MsgWaitForMultipleObjectsEx, DispatchMessageW, PostThreadMessageW, RegisterDeviceNotificationW, UnregisterDeviceNotification, TranslateMessage
    > VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
    > CRYPT32.dll: CryptProtectData, CryptUnprotectData
    > SHFOLDER.dll: SHGetFolderPathW
    > iphlpapi.dll: GetBestInterface, GetIpForwardTable, GetIfTable, GetIfEntry
    > WS2_32.dll: -, -, WSASocketW, -, WSAIoctl, -, -, -
    > WINHTTP.dll: WinHttpOpenRequest, WinHttpGetIEProxyConfigForCurrentUser, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpCloseHandle, WinHttpTimeFromSystemTime, WinHttpSetOption, WinHttpAddRequestHeaders, WinHttpQueryHeaders, WinHttpSetCredentials, WinHttpConnect, WinHttpOpen, WinHttpQueryAuthSchemes, WinHttpSetStatusCallback, WinHttpReadData, WinHttpCrackUrl, WinHttpGetProxyForUrl

    ( 2 exports )
    BITSServiceMain, ServiceMain

    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Background Intelligent Transfer Service
    original name: qmgr.dll
    internal name: qmgr.dll
    file version.: 6.2.2600.1106 (xpsp1.020828-1920)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
     
  16. 2010/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. 2010/04/06
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Joined:
    2010/03/25
    Messages:
    454
    Likes Received:
    2
    Malwarebytes log... restarting next and will post hjt log in a few...

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3961

    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    4/6/2010 9:15:33 PM
    mbam-log-2010-04-06 (21-15-33).txt

    Scan type: Quick scan
    Objects scanned: 112142
    Time elapsed: 14 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 31
    Files Infected: 220

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Owner\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-22 12-37-170 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-24 13-00-110 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-27 13-59-170 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-04 12-40-210 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-16 16-02-530 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-08-17 12-29-420 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-10-31 21-25-400 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-16 12-30-130 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-24 15-28-330 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-47-060 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-48-260 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-03 21-29-590 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-15 22-44-310 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-20 14-23-200 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Owner\Application Data\ErrorFix\spy_ignore.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 11-08-470.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 11-38-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 02-29-230.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 03-34-520.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 04-15-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 10-10-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-19 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-19 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-20 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-20 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-21 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-21 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-27 12-00-010.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-27 12-00-011.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-22 12-00-020.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-22 12-00-021.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-23 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-23 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-24 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-24 12-00-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-27 12-00-090.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-27 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-28 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-28 12-00-061.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-03 12-00-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-03 12-00-200.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-04 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-04 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-11 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-11 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-15 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-15 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-17 12-00-340.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-17 12-00-370.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-19 12-00-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-19 12-00-130.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-09-02 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-09-02 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-13 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-13 12-00-051.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-31 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-31 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-12-24 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-12-24 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-03 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-03 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-06 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-06 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-16 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-16 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-20 12-01-450.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-20 12-01-540.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-24 12-00-150.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-24 12-00-160.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-31 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-31 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-03 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-03 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-07 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-07 12-00-160.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-15 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-15 12-00-090.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-16 12-00-100.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-16 12-00-130.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-17 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-17 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-18 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-18 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-14 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-14 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-23 12-00-100.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-23 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-11.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-12.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-13.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-14.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-15.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-16.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-17.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-27.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-28.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-29.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-30.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-31.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-32.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-33.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-34.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-35.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-36.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-37.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-38.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-39.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-40.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-41.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-42.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-43.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-44.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-45.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-46.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-47.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-48.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-49.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-50.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-51.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-52.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-53.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-54.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-55.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-56.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-57.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-58.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-59.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-60.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-61.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-62.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-63.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-64.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-65.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-66.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-67.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-68.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-69.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-70.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-71.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-72.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-73.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-74.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-75.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-76.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-77.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-78.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-79.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-80.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-81.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-82.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-83.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-84.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-85.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-86.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-87.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-88.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-89.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-90.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-91.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-92.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-22 12-37-170\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-24 13-00-110\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-24 13-00-110\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-27 13-59-170\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-04 12-40-210\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-16 16-02-530\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-08-17 12-29-420\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-10-31 21-25-400\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-16 12-30-130\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-24 15-28-330\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-47-060\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-48-260\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-03 21-29-590\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-15 22-44-310\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-20 14-23-200\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 03_06_16 PM_921.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 04_12_50 PM_046.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_24_39 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_16 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_48 AM_796.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 10_42_03 AM_484.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Registry Backups\2008-04-17_01-23-24.reg (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 03_06_16 PM_921.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 04_12_50 PM_046.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_24_39 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_16 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_48 AM_796.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 10_42_03 AM_484.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Registry Backups\2008-04-17_01-23-24.reg (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 03_06_16 PM_921.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 04_12_50 PM_046.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_24_39 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_16 AM_281.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 08_51_48 AM_796.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 10_42_03 AM_484.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Registry Backups\2008-04-17_01-23-24.reg (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\definitions.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\ErrorFix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\ErrorFix.url (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix\privacy.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix Help.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix on the Web.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix.lnk (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
     
  18. 2010/04/06
    broni

    broni Moderator Malware Analyst

    Is that all, or is more coming?
     
  19. 2010/04/06
    Blue Star

    Blue Star Well-Known Member Thread Starter

    to be all for Malwarebytes...

    Here's HJT....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:31:25 PM, on 4/6/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\PCHButton.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

    --
    End of file - 6560 bytes
     
  20. 2010/04/06
    Blue Star

    Blue Star Well-Known Member Thread Starter

    Seems to be all in the Malwarebytes log... I rechecked it.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3961

    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    4/6/2010 9:15:33 PM
    mbam-log-2010-04-06 (21-15-33).txt

    Scan type: Quick scan
    Objects scanned: 112142
    Time elapsed: 14 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 31
    Files Infected: 220

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Owner\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-22 12-37-170 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-24 13-00-110 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-06-27 13-59-170 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-04 12-40-210 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-11 13-38-560 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-07-16 16-02-530 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-08-17 12-29-420 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-10-31 21-25-400 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-16 12-30-130 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-24 15-28-330 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-47-060 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-01-31 16-48-260 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-03 21-29-590 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-15 22-44-310 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2010-02-20 14-23-200 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
    C:\Program Files\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Owner\Application Data\ErrorFix\spy_ignore.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 11-08-470.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 11-38-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-13 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 02-29-230.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 03-34-520.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 04-15-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-14 10-10-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-19 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-19 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-20 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-20 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-21 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-21 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-27 12-00-010.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-27 12-00-011.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-22 12-00-020.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-22 12-00-021.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-23 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-23 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-24 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-24 12-00-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-27 12-00-090.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-27 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-28 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-06-28 12-00-061.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-03 12-00-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-03 12-00-200.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-04 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-04 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-11 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-11 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-15 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-07-15 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-17 12-00-340.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-17 12-00-370.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-19 12-00-120.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-08-19 12-00-130.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-09-02 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-09-02 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-13 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-13 12-00-051.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-31 12-00-040.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-10-31 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-12-24 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-12-24 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-03 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-03 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-06 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-06 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-16 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-16 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-20 12-01-450.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-20 12-01-540.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-24 12-00-150.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-24 12-00-160.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-31 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-01-31 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-03 12-00-030.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-03 12-00-031.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-07 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-07 12-00-160.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-15 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-15 12-00-090.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-16 12-00-100.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-16 12-00-130.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-17 12-00-050.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-17 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-18 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-02-18 12-00-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-14 12-00-060.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-14 12-00-070.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-23 12-00-100.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2010-03-23 12-00-110.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-11.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-12.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-13.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-14.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-15.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-16.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-17.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-20 14-27-190\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
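Malwarebytes logs like the one posted above list one item per line as `<path> (<detection name>) -> <action>.`; the following added Python example (not code from Malwarebytes or from anyone in this thread) parses that format, counts detections per family and per Windows XP profile, and flags anything that was not removed outright. The sample lines are constructed, and the `Delete on reboot` action string is an assumption about Malwarebytes 1.x logs, not something shown on this page.

```python
"""Summarise Malwarebytes' Anti-Malware removal-log lines of the form
    <path> (<detection name>) -> <action>.
Added example for this thread; not code from Malwarebytes or from the forum posts."""
import re
from collections import Counter
from typing import Iterable, List, NamedTuple, Optional

# Detection names contain no parentheses, so the non-greedy path group is
# forced to stop at the last "(...)" before " -> " even when the path itself
# contains parentheses (e.g. "Program Files (x86)").
LINE_RE = re.compile(
    r"^\s*(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

REMOVED = "Quarantined and deleted successfully"  # action seen in the log above
PENDING = "Delete on reboot"  # assumed action string for in-use files (not on this page)

class Entry(NamedTuple):
    path: str
    detection: str
    action: str

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; headers, blanks and other non-entries yield None."""
    m = LINE_RE.match(line)
    return Entry(m["path"], m["detection"], m["action"]) if m else None

def parse_log(lines: Iterable[str]) -> List[Entry]:
    return [e for e in map(parse_entry, lines) if e is not None]

def profile_of(path: str) -> str:
    """Windows XP profile a path belongs to, or 'system-wide' for Program Files etc."""
    m = re.match(r"(?i)^[a-z]:\\Documents and Settings\\([^\\]+)\\", path)
    if m:
        return m.group(1)
    if re.match(r"(?i)^[a-z]:\\WINDOWS\\system32\\config\\systemprofile\\", path):
        return "systemprofile"
    return "system-wide"

def summarise(entries: List[Entry]) -> dict:
    """Counts per detection family and per profile, plus anything not yet removed."""
    return {
        "by_detection": Counter(e.detection for e in entries),
        "by_profile": Counter(profile_of(e.path) for e in entries),
        "pending_reboot": [e.path for e in entries if e.action == PENDING],
        "other_actions": sorted({e.action for e in entries} - {REMOVED, PENDING}),
    }

# Constructed sample modelled on the log above (not copied from it).
SAMPLE_LOG = r"""
Files Infected:
C:\Program Files\ErrorFix\ErrorFix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\ErrorRepairTool\Log\2008 Apr 18 - 03_06_16 PM_921.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example-in-use.dll (Rogue.ErrorFix) -> Delete on reboot.
""".splitlines()

if __name__ == "__main__":
    report = summarise(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
    if report["pending_reboot"]:
        print("Some items are only removed at the next reboot; restart before rescanning.")
```

Items left in "pending_reboot" or "other_actions" are the ones to re-check after the restart, which is why the reboot step in the instructions matters.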
     
  21. 2010/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web CureIt.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post fresh HijackThis log as well.
     
