
Malwarebytes found 352 items - please help!



My computer was doing all kinds of strange stuff, but I was going out of town for 3 months, so I just turned it off and forgot about it. Well now I'm back home, and I have way too much on here to lose if I reformat (which is what the repair guys want to do). I'm really hoping I can get this fixed and running right again and still have all my stuff. Yes - I know I should have it backed up. I promise I will once I get through this.

When I tried to run Malwarebytes Full Scan, it crashed after it found 3 items. So I tried again except running a quick scan. It came back with 352 items. Here is the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5241

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

03/12/2010 22:29:52

mbam-log-2010-12-03 (22-29-52).txt

Scan type: Quick scan

Objects scanned: 151820

Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 11

Files Infected: 340

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\Owner\application data\antivirus2008y (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040 (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250 (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-18 12-02-190 (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\program files\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\Tasks\errorfix scan.job (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\regtool scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\resultsw.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\Logs\2009-03-09 14-54-170.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\Logs\2009-03-09 15-30-520.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\Logs\2009-03-09 15-48-240.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\Logs\2009-03-09 16-10-080.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-100.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-101.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-102.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-103.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-104.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-105.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-106.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-107.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-108.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-109.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-11.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-110.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-111.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-112.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-113.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-114.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-115.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-116.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-117.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-118.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-119.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-12.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-120.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-121.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-122.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-123.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-124.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-125.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-126.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-127.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-128.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-129.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-13.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-130.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-131.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-132.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-133.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-134.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-135.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-136.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-137.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-138.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-139.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-14.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-140.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-141.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-142.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-143.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-144.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-145.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-146.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-147.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-148.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-149.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-15.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-150.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-151.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-152.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-153.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-154.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-155.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-156.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-157.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-158.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-159.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-16.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-160.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-161.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-162.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-163.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-164.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-17.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-27.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-28.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-29.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-30.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-31.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-32.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-33.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-34.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-35.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-36.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-37.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-38.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-39.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-40.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-41.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-42.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-43.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-44.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-45.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-46.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-47.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-48.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-49.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-50.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-51.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-52.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-53.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-54.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-55.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-56.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-57.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-58.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-59.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-60.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-61.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-62.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-63.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-64.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-65.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-66.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-67.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-68.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-69.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-70.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-71.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-72.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-73.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-74.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-75.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-76.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-77.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-78.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-79.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-80.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-81.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-82.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-83.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-84.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-85.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-86.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-87.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-88.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-89.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-90.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-91.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-92.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-93.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-94.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-95.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-96.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-97.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-98.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\ErrorFix\quarantinew\2009-03-09 15-33-040\regb-99.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\resultsw.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-03-13 21-16-100.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-03-18 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-03-18 12-00-010.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-03-18 21-26-560.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-03-23 12-00-010.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-03-23 12-00-011.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-04-02 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\Logs\2009-04-02 12-00-010.log (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-13 21-17-250\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-18 12-02-190\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-18 12-02-190\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-18 12-02-190\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\RegTool\quarantinew\2009-03-18 12-02-190\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\program files\RegTool\definitions.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\program files\RegTool\privacy.db (Rogue.RegTool) -> Quarantined and deleted successfully.

c:\program files\RegTool\RegTool.url (Rogue.RegTool) -> Quarantined and deleted successfully.

Here is the DDS.txt document:

DDS (Ver_10-12-05.01) - NTFSx86

Run by Owner at 0:42:12.98 on 05/12/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.376 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tattoodle.com?tid={26D2946F-1BFB-482b-BCF9-3C2A17536A64}&v=12

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://us10.hpwis.com/

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [sunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

Trusted Zone: bankofamerica.com\www

Trusted Zone: bellsouth.net\www

Trusted Zone: yahoo.com\login

Trusted Zone: yahoo.com\us.ard

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\g4jz5r6r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\g4jz5r6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-14 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-14 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-14 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-12-3 308136]

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-2-16 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

=============== Created Last 30 ================

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

============= FINISH: 0:44:01.54 ===============

As requested, the Attach.txt was zipped and attached.

I could not get a report from the GMER Rootkit Scanner. After running a few minutes, I got the blue screen saying Windows had shut down my computer to prevent damage. Two of the codes listed on the Blue Screen were:

PFN_LIST_CORRUPT

***STOP: 0X0000004E, (0X00000007, 0X00022BE2, 0X00000001, 0X00000000)

Thank you very much.

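An added Python screen for the DDS sections posted above (this is not part of the original post and not DDS's own code). It parses the `FF - plugin` and `SERVICES / DRIVERS` line formats exactly as they appear in the log and reports three things a reviewer would check first: a browser plugin whose path reveals an out-of-support Java runtime (the `j2re1.4.2_03` plugins above are reachable by any web page the browser loads), a service or driver whose binary sits outside the usual roots, and an optional network listener set to start automatically. `MIN_JAVA`, `TRUSTED_ROOTS`, `LISTENER_SERVICES` and the final `badsvc` sample line are assumptions or constructed for the demo; the other sample lines are copied from the log.

```python
"""Screen DDS 'FF - plugin' and 'SERVICES / DRIVERS' lines for common risks.

Added example: not part of the original post and not DDS's own code.
MIN_JAVA, TRUSTED_ROOTS, LISTENER_SERVICES and the 'badsvc' sample line
are assumptions made for the demo.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# R/S = running/stopped, digit = start type (0 boot, 1 system, 2 auto,
# 3 demand, 4 disabled); then name;description;command [date size].
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<cmd>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
PLUGIN_RE = re.compile(r"^FF - plugin:\s+(?P<path>.+)$", re.IGNORECASE)
# Java plugin directories look like ...\j2re1.4.2_03\...; the dotted form
# carries the full version, which is all this check needs.
JAVA_RE = re.compile(
    r"\\j2?re(?P<ver>\d+\.\d+\.\d+)(?:_(?P<upd>\d+))?\\", re.IGNORECASE)

# Assumption: Java 6 (1.6.0) was the supported branch when this log was
# posted (Dec 2010); J2SE 1.4.2 left public support in 2008.
MIN_JAVA = (1, 6, 0)
# Assumption: on XP a service binary outside these roots deserves a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Assumption: optional listeners that a home workstation rarely needs.
LISTENER_SERVICES = {"iprip": "RIP Listener (UDP/520)"}

# Lines copied from the DDS log above, plus one constructed 'badsvc' line
# so the trusted-root check has something to catch.
SAMPLE_LINES = r"""
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-14 216400]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-12-3 308136]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-2-16 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
R2 badsvc;Constructed example, not from the log;c:\documents and settings\owner\application data\svc.exe [2010-12-1 12345]
""".strip().splitlines()


@dataclass
class Service:
    state: str   # R = running, S = stopped
    start: int   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    cmd: str     # image path plus any arguments (e.g. svchost -k group)
    date: str
    size: int


def parse_service(line: str) -> Optional[Service]:
    """Parse one DDS service/driver line; None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return Service(m["state"], int(m["start"]), m["name"], m["desc"],
                   m["cmd"], m["date"], int(m["size"]))


def java_version(path: str) -> Optional[Tuple[int, ...]]:
    """(major, minor, micro[, update]) taken from a Java plugin path."""
    m = JAVA_RE.search(path)
    if not m:
        return None
    ver = tuple(int(p) for p in m["ver"].split("."))
    return ver + ((int(m["upd"]),) if m["upd"] else ())


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (kind, message) findings in log order, one per Java version."""
    findings: List[Tuple[str, str]] = []
    seen_java = set()
    for line in lines:
        pm = PLUGIN_RE.match(line.strip())
        if pm:
            ver = java_version(pm["path"])
            if ver and ver[:3] < MIN_JAVA and ver not in seen_java:
                seen_java.add(ver)
                label = ".".join(map(str, ver[:3]))
                if len(ver) > 3:
                    label += f"_{ver[3]:02d}"
                findings.append(("plugin", f"out-of-support Java {label} plugin "
                                 f"exposed to the browser: {pm['path']}"))
            continue
        svc = parse_service(line)
        if svc is None:
            continue
        if not svc.cmd.lower().startswith(TRUSTED_ROOTS):
            findings.append(("service", f"{svc.name}: binary outside trusted roots: {svc.cmd}"))
        if svc.name.lower() in LISTENER_SERVICES and svc.start <= 2:
            findings.append(("service", f"{svc.name}: {LISTENER_SERVICES[svc.name.lower()]} "
                             "starts automatically; disable if not needed"))
    return findings


if __name__ == "__main__":
    for kind, msg in triage(SAMPLE_LINES):
        print(f"[{kind}] {msg}")
```

A hit from this script is a prompt to verify, not a verdict: the RIP Listener is a stock optional Windows component, and a path outside the trusted roots is only suspicious until the owning product is identified.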

Hi MaggieBlue and Welcome!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note:It will also create a log in the C:\ directory.


Here is the Report you requested:

2010/12/06 07:59:26.0546 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01

2010/12/06 07:59:26.0546 ================================================================================

2010/12/06 07:59:26.0546 SystemInfo:

2010/12/06 07:59:26.0546

2010/12/06 07:59:26.0546 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/06 07:59:26.0546 Product type: Workstation

2010/12/06 07:59:26.0546 ComputerName: PEARL

2010/12/06 07:59:26.0546 UserName: Owner

2010/12/06 07:59:26.0546 Windows directory: C:\WINDOWS

2010/12/06 07:59:26.0546 System windows directory: C:\WINDOWS

2010/12/06 07:59:26.0546 Processor architecture: Intel x86

2010/12/06 07:59:26.0546 Number of processors: 2

2010/12/06 07:59:26.0546 Page size: 0x1000

2010/12/06 07:59:26.0546 Boot type: Normal boot

2010/12/06 07:59:26.0546 ================================================================================

2010/12/06 07:59:28.0125 Initialize success

2010/12/06 07:59:33.0265 ================================================================================

2010/12/06 07:59:33.0265 Scan started

2010/12/06 07:59:33.0265 Mode: Manual;

2010/12/06 07:59:33.0265 ================================================================================

2010/12/06 07:59:39.0125 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/06 07:59:39.0546 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/06 07:59:40.0343 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/06 07:59:40.0750 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/06 07:59:41.0421 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2010/12/06 07:59:42.0046 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/12/06 07:59:44.0140 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/12/06 07:59:45.0218 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/12/06 07:59:46.0781 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2010/12/06 07:59:48.0218 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys

2010/12/06 07:59:49.0265 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/06 07:59:52.0046 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/06 07:59:52.0671 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/06 07:59:53.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/06 07:59:55.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/06 07:59:56.0125 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/12/06 07:59:57.0000 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/12/06 07:59:57.0671 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/12/06 07:59:58.0531 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/06 07:59:59.0250 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/06 08:00:00.0015 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/06 08:00:01.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/06 08:00:02.0187 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/06 08:00:03.0031 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/06 08:00:07.0437 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/06 08:00:08.0484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/06 08:00:10.0000 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/06 08:00:10.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/06 08:00:12.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/06 08:00:12.0625 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/12/06 08:00:13.0390 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

2010/12/06 08:00:14.0140 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys

2010/12/06 08:00:14.0812 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

2010/12/06 08:00:16.0125 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/06 08:00:17.0171 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/06 08:00:17.0828 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2010/12/06 08:00:18.0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/06 08:00:19.0406 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/06 08:00:19.0968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/12/06 08:00:20.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/06 08:00:21.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/06 08:00:22.0375 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/06 08:00:22.0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/06 08:00:23.0640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/06 08:00:25.0515 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/06 08:00:28.0218 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/06 08:00:29.0109 ialm (537efe2f9adcd01073f59e9d3d24164e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/12/06 08:00:29.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/06 08:00:31.0843 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

2010/12/06 08:00:32.0750 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/06 08:00:33.0703 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/06 08:00:34.0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/06 08:00:35.0390 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/06 08:00:36.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/06 08:00:37.0125 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/06 08:00:37.0875 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/06 08:00:38.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/06 08:00:39.0484 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/06 08:00:40.0156 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/06 08:00:40.0750 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/06 08:00:41.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/06 08:00:43.0125 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

2010/12/06 08:00:44.0390 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2010/12/06 08:00:45.0312 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2010/12/06 08:00:46.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/06 08:00:47.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/06 08:00:48.0062 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/06 08:00:48.0859 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/06 08:00:49.0812 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/12/06 08:00:50.0343 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/12/06 08:00:51.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/06 08:00:52.0562 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/06 08:00:53.0593 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/06 08:00:54.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/06 08:00:54.0687 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/06 08:00:55.0187 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/06 08:00:55.0687 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/06 08:00:56.0265 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/06 08:00:56.0875 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/06 08:00:57.0578 MxlW2k (e91fc8b52d21e38317dc61a3c7ccfa4b) C:\WINDOWS\system32\drivers\MxlW2k.sys

2010/12/06 08:00:58.0296 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/06 08:00:59.0078 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/06 08:00:59.0484 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/06 08:00:59.0875 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/06 08:01:00.0406 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/06 08:01:00.0859 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/06 08:01:01.0468 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/06 08:01:01.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/06 08:01:02.0046 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/06 08:01:02.0343 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/06 08:01:02.0609 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/06 08:01:03.0187 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/06 08:01:03.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/06 08:01:04.0593 nv (694de491fbf0573625ffe6a8a474b7b5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/12/06 08:01:05.0718 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys

2010/12/06 08:01:06.0375 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/06 08:01:07.0171 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/06 08:01:07.0843 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/06 08:01:08.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/06 08:01:09.0546 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/06 08:01:10.0375 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/06 08:01:11.0156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/06 08:01:12.0000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/06 08:01:12.0468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/06 08:01:15.0812 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2010/12/06 08:01:16.0890 PID_0928 (4fd88efe733a120837d365f2cd143742) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS

2010/12/06 08:01:17.0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/06 08:01:18.0484 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/12/06 08:01:19.0328 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys

2010/12/06 08:01:20.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/06 08:01:20.0953 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/06 08:01:21.0312 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2010/12/06 08:01:24.0078 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/06 08:01:24.0359 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/06 08:01:24.0890 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/06 08:01:25.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/06 08:01:25.0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/06 08:01:26.0265 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/06 08:01:26.0656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/06 08:01:26.0843 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/06 08:01:27.0375 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2010/12/06 08:01:27.0734 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

2010/12/06 08:01:28.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/06 08:01:28.0328 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/06 08:01:28.0515 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/06 08:01:28.0781 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/06 08:01:29.0812 SiS315 (7a363269d1b57526410fa23fc92cdfa1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2010/12/06 08:01:30.0187 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2010/12/06 08:01:30.0625 SiSkp (7ef8e5c266133638e7e06be03fcbeff3) C:\WINDOWS\system32\DRIVERS\srvkp.sys

2010/12/06 08:01:31.0281 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/06 08:01:32.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/06 08:01:33.0046 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/06 08:01:34.0046 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/06 08:01:34.0984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/06 08:01:35.0515 SunkFilt (f658d6420b14bedb49c19e39e7d03594) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/12/06 08:01:36.0171 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/06 08:01:36.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/06 08:01:38.0031 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/06 08:01:38.0546 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/06 08:01:39.0359 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2010/12/06 08:01:39.0671 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/06 08:01:40.0656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/06 08:01:41.0312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/06 08:01:42.0640 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2010/12/06 08:01:43.0453 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/06 08:01:44.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/06 08:01:46.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/06 08:01:46.0843 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/06 08:01:47.0515 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/06 08:01:48.0375 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/12/06 08:01:49.0218 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/06 08:01:50.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/06 08:01:51.0125 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/06 08:01:52.0281 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2010/12/06 08:01:53.0046 viagfx (29d6a65fdc694cb1ef2cc6bbe5f79b3b) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2010/12/06 08:01:53.0750 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

2010/12/06 08:01:54.0375 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/06 08:01:55.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/06 08:01:56.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/06 08:01:57.0203 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/12/06 08:01:58.0078 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/06 08:01:59.0218 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/06 08:02:00.0765 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/06 08:02:02.0015 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/12/06 08:02:03.0203 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/12/06 08:02:03.0687 ================================================================================

2010/12/06 08:02:03.0687 Scan finished

2010/12/06 08:02:03.0687 ================================================================================

Thank you for your help.

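The TDSSKiller run above ended without printing any detection line, which leaves the reviewer with a plain enumeration of every driver the tool walked, each as `<timestamp> <service name> (<md5>) <image path>`. An added Python script (not part of the original post and not TDSSKiller's own code) re-screens that enumeration: images loaded from outside the Windows directory, bare-GUID service names, and MD5s that disagree with an analyst-supplied known-good list. `KNOWN_GOOD` is constructed and seeded with two hashes taken from the posted log so the demo runs offline; in practice it would come from a clean reference install or a vendor hash set. The final `Tcpip` sample line is constructed with an altered hash; the other sample lines are copied from the report.

```python
"""Second look at a TDSSKiller driver enumeration.

Added example: not part of the original post and not TDSSKiller's own code.
KNOWN_GOOD and the last SAMPLE_LINES entry are constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$",
    re.IGNORECASE,
)
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)
WINDIR = r"C:\WINDOWS"   # from the 'Windows directory:' line of the report


@dataclass
class Driver:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_entries(lines: List[str]) -> List[Driver]:
    """Keep only lines carrying an (md5) field; banners and 'Scan started' are skipped."""
    found: List[Driver] = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append(Driver(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return found


def under(path: str, root: str) -> bool:
    """Case-insensitive 'path lives below root' test for Windows paths."""
    return path.lower().startswith(root.lower().rstrip("\\") + "\\")


def triage(drivers: List[Driver], known_good: Dict[str, str]) -> List[str]:
    """Findings in report order; known_good maps lower-cased path -> md5."""
    findings: List[str] = []
    for d in drivers:
        if not under(d.path, WINDIR):
            findings.append(f"{d.name}: image outside {WINDIR}: {d.path}")
        if GUID_RE.match(d.name):
            findings.append(f"{d.name}: GUID-named service, confirm the owning product ({d.path})")
        expected = known_good.get(d.path.lower())
        if expected is not None and expected != d.md5:
            findings.append(f"{d.name}: MD5 {d.md5} differs from known-good {expected} ({d.path})")
    return findings


# Lines copied from the TDSSKiller report above, plus one constructed
# Tcpip line whose hash was altered to exercise the mismatch check.
SAMPLE_LINES = r"""
2010/12/06 07:59:33.0265 Scan started
2010/12/06 07:59:52.0671 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/06 07:59:56.0125 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/12/06 08:00:49.0812 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/06 08:02:02.0015 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/12/06 08:01:38.0546 Tcpip (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\tcpip.sys
""".strip().splitlines()

# Constructed known-good map (lower-cased path -> md5), seeded with two
# hashes taken from the posted report so the demo runs offline.
KNOWN_GOOD = {
    r"c:\windows\system32\drivers\atapi.sys": "9f3a2f5aa6875c72bf062c712cfa2674",
    r"c:\windows\system32\drivers\tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
}

if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LINES), KNOWN_GOOD):
        print(finding)
```

Each hit is a prompt to verify rather than a verdict: an 8.3 path such as `C:\PROGRA~1\COMMON~1\Motive\` has to be expanded and its owning product identified on the machine, and the GUID-named entries load `ialm*.sys` images next to the `ialm` display driver listed earlier in the same report, which is what a legitimate OEM component usually looks like. An MD5 comparison is only as strong as the reference list behind it; checking the Authenticode signature of the image is the stronger test where the tooling allows it.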

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Well, ComboFix required that AVG be completely removed - not just disabled as your instructions state. After much wailing and gnashing of teeth, I found the link on AVG's forum to uninstall their program (no - simply going to Control Panel and uninstalling does not work).

Here's the ComboFix log:

ComboFix 10-12-04.06 - Owner 06/12/2010 10:18:30.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.630 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

c:\documents and settings\All Users\documents\setup.exe

c:\documents and settings\Owner\Application Data\PriceGong

c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml

c:\program files\INSTALL.LOG

c:\program files\SGPSA

c:\windows\a3kebook.ini

c:\windows\addins\litubac.bak1

c:\windows\addins\litubac.bak2

c:\windows\addins\litubac.ini

c:\windows\addins\litubac.ini2

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\AutoRun.ini

c:\windows\explorer(2).exe

c:\windows\ST6UNST.000

c:\windows\system32\linkinfo(2).dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\winhelp.ini

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))

.

2010-12-06 14:56 . 2010-12-06 14:56 -------- d-----w- c:\documents and settings\Owner\Application Data\URSoft

2010-12-06 14:56 . 2010-12-06 14:56 -------- d-----w- c:\program files\Your Uninstaller 2010

2010-12-04 04:47 . 2010-12-04 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-12-04 02:45 . 2010-12-04 02:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-12-04 02:44 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-04 02:44 . 2010-12-04 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-04 02:44 . 2010-12-04 02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-04 02:44 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-04 02:31 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-04 02:31 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-04 02:31 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-04 02:31 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-04 02:30 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 17:23 . 2004-02-16 19:14 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-02-16 19:14 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-02-16 19:14 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-02-16 19:14 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-02-16 19:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-02-16 19:13 1469440 ------w- c:\windows\system32\inetcpl.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-21 32881]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-06 3022848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2003-11-14 32768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 2.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 2.lnk

backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]

LTMSG.exe 7 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

realsched.exe -osboot [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 17:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]

2004-01-09 09:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everything]

2009-03-13 01:18 602624 ----a-w- c:\program files\Everything\Everything.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

2003-08-21 11:15 483328 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2003-08-21 11:23 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-08 00:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 21:11 565008 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 21:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2003-12-11 09:40 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-12-06 03:50 753664 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2003-11-04 00:50 221184 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-03-27 21:01 24103720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]

2003-10-29 15:17 135168 -c--a-w- c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2003-08-19 16:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"McciCMService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\CCleaner\\CCleaner.exe"=

"c:\\Program Files\\BroadJump\\Service Access Manager\\sam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 0 (0x0)

"AllowOutboundTimeExceeded"= 0 (0x0)

"AllowRedirect"= 0 (0x0)

"AllowOutboundPacketTooBig"= 0 (0x0)

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [16/02/2004 13:47 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 16:46 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-11-22 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-01-21 05:38]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:46]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:46]

2010-12-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2010-11-23 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]

2010-12-05 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{BC0DDAAD-D9C0-4214-BD5A-FB5F6CB1589C}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tattoodle.com?tid={26D2946F-1BFB-482b-BCF9-3C2A17536A64}&v=12

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: bankofamerica.com\www

Trusted Zone: bellsouth.net\www

Trusted Zone: yahoo.com\login

Trusted Zone: yahoo.com\us.ard

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g4jz5r6r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g4jz5r6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

MSConfigStartUp-VTTimer - VTTimer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-06 10:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3776716591-3572769542-3250536509-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7588)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\System32\nvsvc32.exe

c:\windows\system32\tcpsvcs.exe

c:\windows\System32\snmp.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-12-06 10:28:43 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-06 15:28

Pre-Run: 160,188,948,480 bytes free

Post-Run: 160,240,148,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 537F5BAF05F84CC3A5DDFB951AD44C45

Many thanks for your kind assistance.


AVG lets the bad guys in and keeps the good guys out. I use Avira.... ;) After you are done with the CFScript, you can install AVG.

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"3587:TCP"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

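A defender-side reading of the firewall block the CFScript above edits, as an added example (Python written for this page, not ComboFix's or the helper's code): it parses the AuthorizedApplications and GloballyOpenPorts sections in the format ComboFix prints, resolves 3389/TCP to Remote Desktop (the log entry only carries the resource reference @xpsp2res.dll,-22009), and flags it. The sample lines are constructed in the shape of the log above; the raw-XP `port:proto:scope:Enabled:name` value layout and the KNOWN_PORTS table are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape ComboFix prints (section headers and
# values modelled on the log above; not output of a real ComboFix run).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# Services behind the ports seen in the thread (table assumed for this
# example). 3389/TCP is Remote Desktop; its entry above only carries a
# resource-DLL string reference, so the number has to be resolved by hand.
KNOWN_PORTS = {
    (3389, "TCP"): "Remote Desktop (RDP)",
    (3587, "TCP"): "Windows Peer-to-Peer Grouping",
    (3540, "UDP"): "Peer Name Resolution Protocol (PNRP)",
}
# Remote-administration listeners: opening them to every address the
# profile covers is the finding the helper above removed with the CFScript.
REMOTE_ADMIN_PORTS = {(3389, "TCP")}


@dataclass(frozen=True)
class OpenPort:
    port: int
    proto: str
    scope: str      # "*" = any address (assumed default when no scope is printed)
    enabled: bool
    description: str


@dataclass(frozen=True)
class Finding:
    severity: str   # "HIGH" or "REVIEW"
    subject: str
    reason: str


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


def parse_open_port(name: str, data: str) -> OpenPort:
    """Parse one GloballyOpenPorts value. ComboFix prints port:proto:description;
    the raw XP registry value is port:proto:scope:Enabled|Disabled:description
    (assumed layout), so both shapes are accepted."""
    port_s, proto = name.split(":", 1)
    fields = data.split(":")
    if len(fields) >= 5 and fields[3] in ("Enabled", "Disabled"):
        scope, enabled, desc = fields[2], fields[3] == "Enabled", ":".join(fields[4:])
    else:
        scope, enabled, desc = "*", True, ":".join(fields[2:])
    return OpenPort(int(port_s), proto.upper(), scope, enabled, desc)


def parse_firewall_sections(text: str):
    """Return (authorized_apps, open_ports) from the firewall sections of a log."""
    apps, ports, mode = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            if key.endswith(r"\authorizedapplications\list"):
                mode = "apps"
            elif key.endswith(r"\globallyopenports\list"):
                mode = "ports"
            else:
                mode = None     # IcmpSettings and any other key: not audited here
            continue
        v = VALUE_RE.match(line)
        if not v or mode is None:
            continue
        if mode == "apps":
            # REGEDIT4 doubles backslashes inside quoted value names.
            apps.append(v.group("name").replace("\\\\", "\\"))
        else:
            ports.append(parse_open_port(v.group("name"), v.group("data")))
    return apps, ports


def audit(text: str, allowed=frozenset()):
    """Flag enabled globally open ports: remote-admin ports are HIGH, anything
    else not on the caller's allowlist is REVIEW."""
    apps, ports = parse_firewall_sections(text)
    findings = []
    for p in ports:
        if not p.enabled or (p.port, p.proto) in allowed:
            continue
        service = KNOWN_PORTS.get((p.port, p.proto), "unknown service")
        subject = f"{p.port}/{p.proto} ({service}), scope {p.scope}"
        if (p.port, p.proto) in REMOTE_ADMIN_PORTS:
            findings.append(Finding("HIGH", subject, "remote administration listener open to every address in the profile"))
        else:
            findings.append(Finding("REVIEW", subject, "not on the allowlist; confirm a program on this PC still needs it"))
    return apps, ports, findings


if __name__ == "__main__":
    apps, ports, findings = audit(SAMPLE_LOG, allowed={(3540, "UDP")})
    print("Authorised applications:", *apps, sep="\n  ")
    for f in findings:
        print(f"[{f.severity}] {f.subject}: {f.reason}")
```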

I will definitely get Avira when we're done here.

Any other suggestions?

Here is the most recent log:

ComboFix 10-12-04.06 - Owner 06/12/2010 11:28:16.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.696 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))

.

2010-12-06 14:56 . 2010-12-06 14:56 -------- d-----w- c:\documents and settings\Owner\Application Data\URSoft

2010-12-06 14:56 . 2010-12-06 14:56 -------- d-----w- c:\program files\Your Uninstaller 2010

2010-12-04 04:47 . 2010-12-04 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-12-04 02:45 . 2010-12-04 02:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-12-04 02:44 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-04 02:44 . 2010-12-04 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-04 02:44 . 2010-12-04 02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-04 02:44 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-04 02:31 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-04 02:31 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-04 02:31 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-04 02:31 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-04 02:30 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 17:23 . 2004-02-16 19:14 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-02-16 19:14 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-02-16 19:14 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-02-16 19:14 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-02-16 19:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-02-16 19:13 1469440 ------w- c:\windows\system32\inetcpl.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-21 32881]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-06 3022848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2003-11-14 32768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 2.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 2.lnk

backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]

LTMSG.exe 7 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

realsched.exe -osboot [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 17:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]

2004-01-09 09:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everything]

2009-03-13 01:18 602624 ----a-w- c:\program files\Everything\Everything.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

2003-08-21 11:15 483328 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2003-08-21 11:23 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-08 00:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 21:11 565008 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 21:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2003-12-11 09:40 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-12-06 03:50 753664 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2003-11-04 00:50 221184 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-03-27 21:01 24103720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]

2003-10-29 15:17 135168 -c--a-w- c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2003-08-19 16:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"McciCMService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\CCleaner\\CCleaner.exe"=

"c:\\Program Files\\BroadJump\\Service Access Manager\\sam.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 0 (0x0)

"AllowOutboundTimeExceeded"= 0 (0x0)

"AllowRedirect"= 0 (0x0)

"AllowOutboundPacketTooBig"= 0 (0x0)

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [16/02/2004 13:47 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 16:46 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-11-22 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-01-21 05:38]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:46]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:46]

2010-12-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2010-11-23 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]

2010-12-05 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{BC0DDAAD-D9C0-4214-BD5A-FB5F6CB1589C}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tattoodle.com?tid={26D2946F-1BFB-482b-BCF9-3C2A17536A64}&v=12

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: bankofamerica.com\www

Trusted Zone: bellsouth.net\www

Trusted Zone: yahoo.com\login

Trusted Zone: yahoo.com\us.ard

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g4jz5r6r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g4jz5r6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-06 11:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3776716591-3572769542-3250536509-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4196)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\System32\nvsvc32.exe

c:\windows\system32\tcpsvcs.exe

c:\windows\System32\snmp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

.

**************************************************************************

.

Completion time: 2010-12-06 11:39:36 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-06 16:39

ComboFix2.txt 2010-12-06 15:28

Pre-Run: 160,336,125,952 bytes free

Post-Run: 160,323,432,448 bytes free

- - End Of File - - A9F53C2AC143A0B388D3CDC9164680F5

Thank you!


I also wanted to ask if I've had a rootkit infection.

I'm concerned if my computer is still safe.

I've changed all my financial-related passwords from a computer I know is safe.

I appreciate your input.

Thank you.

No, your PC has no rootkits, but it would have if we did not remove what was done. Download:

  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.

Perform a full scan with Avira after you update it and let it delete everything it is finding.

Then reboot.

After reboot, open your Avira and select "reports".

There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.


I installed Avira and ran the full scan.

Here is the report:

Avira AntiVir Personal

Report file date: Monday, 06 December, 2010 17:02

Scanning for 3124289 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : PEARL

Version information:

BUILD.DAT : 10.0.0.592 31823 Bytes 08-09-2010 11:00:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 08-02-2010 21:09:56

AVSCAN.DLL : 10.0.3.0 46440 Bytes 04-01-2010 18:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 08-02-2010 21:10:00

LUKERES.DLL : 10.0.0.1 12648 Bytes 02-11-2010 05:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11-06-2009 15:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11-19-2009 01:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 01-20-2010 23:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 01-26-2010 22:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 03-05-2010 17:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 04-15-2010 21:10:03

VBASE006.VDF : 7.10.7.218 2294784 Bytes 06-02-2010 21:10:04

VBASE007.VDF : 7.10.9.165 4840960 Bytes 07-23-2010 21:10:06

VBASE008.VDF : 7.10.11.133 3454464 Bytes 09-13-2010 21:59:23

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11-02-2010 21:59:31

VBASE010.VDF : 7.10.13.81 2048 Bytes 11-02-2010 21:59:31

VBASE011.VDF : 7.10.13.82 2048 Bytes 11-02-2010 21:59:31

VBASE012.VDF : 7.10.13.83 2048 Bytes 11-02-2010 21:59:32

VBASE013.VDF : 7.10.13.116 147968 Bytes 11-04-2010 21:59:32

VBASE014.VDF : 7.10.13.147 146944 Bytes 11-07-2010 21:59:33

VBASE015.VDF : 7.10.13.180 123904 Bytes 11-09-2010 21:59:34

VBASE016.VDF : 7.10.13.211 122368 Bytes 11-11-2010 21:59:35

VBASE017.VDF : 7.10.13.243 147456 Bytes 11-15-2010 21:59:36

VBASE018.VDF : 7.10.14.15 142848 Bytes 11-17-2010 21:59:37

VBASE019.VDF : 7.10.14.41 134144 Bytes 11-19-2010 21:59:38

VBASE020.VDF : 7.10.14.63 128000 Bytes 11-22-2010 21:59:39

VBASE021.VDF : 7.10.14.87 143872 Bytes 11-24-2010 21:59:40

VBASE022.VDF : 7.10.14.116 140800 Bytes 11-26-2010 21:59:41

VBASE023.VDF : 7.10.14.147 150528 Bytes 11-30-2010 21:59:42

VBASE024.VDF : 7.10.14.175 126464 Bytes 12-03-2010 21:59:43

VBASE025.VDF : 7.10.14.176 2048 Bytes 12-03-2010 21:59:43

VBASE026.VDF : 7.10.14.177 2048 Bytes 12-03-2010 21:59:43

VBASE027.VDF : 7.10.14.178 2048 Bytes 12-03-2010 21:59:43

VBASE028.VDF : 7.10.14.179 2048 Bytes 12-03-2010 21:59:43

VBASE029.VDF : 7.10.14.180 2048 Bytes 12-03-2010 21:59:43

VBASE030.VDF : 7.10.14.181 2048 Bytes 12-03-2010 21:59:44

VBASE031.VDF : 7.10.14.201 119296 Bytes 12-06-2010 21:59:44

Engineversion : 8.2.4.120

AEVDF.DLL : 8.1.2.1 106868 Bytes 08-02-2010 21:09:54

AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12-06-2010 22:00:01

AESCN.DLL : 8.1.7.2 127349 Bytes 12-06-2010 21:59:59

AESBX.DLL : 8.1.3.2 254324 Bytes 12-06-2010 22:00:01

AERDL.DLL : 8.1.9.2 635252 Bytes 12-06-2010 21:59:59

AEPACK.DLL : 8.2.4.1 512375 Bytes 12-06-2010 21:59:57

AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12-06-2010 21:59:55

AEHEUR.DLL : 8.1.2.52 3109238 Bytes 12-06-2010 21:59:55

AEHELP.DLL : 8.1.16.0 246136 Bytes 12-06-2010 21:59:50

AEGEN.DLL : 8.1.5.0 397685 Bytes 12-06-2010 21:59:49

AEEMU.DLL : 8.1.3.0 393589 Bytes 12-06-2010 21:59:48

AECORE.DLL : 8.1.19.0 196984 Bytes 12-06-2010 21:59:47

AEBB.DLL : 8.1.1.0 53618 Bytes 08-02-2010 21:09:48

AVWINLL.DLL : 10.0.0.0 19304 Bytes 08-02-2010 21:09:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 08-02-2010 21:09:55

AVREP.DLL : 10.0.0.8 62209 Bytes 06-17-2010 20:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 08-02-2010 21:09:55

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 08-02-2010 21:09:56

AVARKT.DLL : 10.0.0.14 227176 Bytes 08-02-2010 21:09:54

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 08-02-2010 21:09:55

SQLITE3.DLL : 3.6.19.0 355688 Bytes 06-17-2010 20:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 08-02-2010 21:09:56

NETNT.DLL : 10.0.0.0 11624 Bytes 06-17-2010 20:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 01-28-2010 19:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 08-02-2010 21:10:08

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +PFS,

Start of the scan: Monday, 06 December, 2010 17:02

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist

[NOTE] The registry entry is invisible.

c:\windows\explorer.exe

c:\WINDOWS\explorer.exe

[NOTE] The process is not visible.

The scan of running processes will be started

Scan process 'rsmsink.exe' - '31' Module(s) have been scanned

Scan process 'msdtc.exe' - '42' Module(s) have been scanned

Scan process 'dllhost.exe' - '62' Module(s) have been scanned

Scan process 'dllhost.exe' - '47' Module(s) have been scanned

Scan process 'vssvc.exe' - '50' Module(s) have been scanned

Scan process 'avscan.exe' - '70' Module(s) have been scanned

Scan process 'avcenter.exe' - '66' Module(s) have been scanned

Scan process 'ctfmon.exe' - '28' Module(s) have been scanned

Scan process 'avgnt.exe' - '48' Module(s) have been scanned

Scan process 'sched.exe' - '57' Module(s) have been scanned

Scan process 'avshadow.exe' - '29' Module(s) have been scanned

Scan process 'avguard.exe' - '58' Module(s) have been scanned

Scan process 'firefox.exe' - '117' Module(s) have been scanned

Scan process 'explorer.exe' - '112' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'alg.exe' - '35' Module(s) have been scanned

Scan process 'LVComSer.exe' - '38' Module(s) have been scanned

Scan process 'jusched.exe' - '21' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'snmp.exe' - '46' Module(s) have been scanned

Scan process 'tcpsvcs.exe' - '36' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '30' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '19' Module(s) have been scanned

Scan process 'LVComSer.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'spoolsv.exe' - '57' Module(s) have been scanned

Scan process 'svchost.exe' - '55' Module(s) have been scanned

Scan process 'svchost.exe' - '49' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '178' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'svchost.exe' - '53' Module(s) have been scanned

Scan process 'lsass.exe' - '60' Module(s) have been scanned

Scan process 'services.exe' - '38' Module(s) have been scanned

Scan process 'winlogon.exe' - '68' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

Master boot sector HD3

[INFO] No virus was found!

Master boot sector HD4

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '425' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar22.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar35.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar36.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

C:\WINDOWS\Downloaded Program Files\pinstall.dll

[DETECTION] Contains recognition pattern of the ADSPY/Look2Me.D adware or spyware

C:\WINDOWS\SoftwareDistribution\Download\409eeb5b15ac5b9aeee323d7da0f978c\BIT32.tmp

[0] Archive type: CAB (Microsoft)

--> _sfx_0003._p

[WARNING] The file could not be written!

Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:

C:\WINDOWS\Downloaded Program Files\pinstall.dll

[DETECTION] Contains recognition pattern of the ADSPY/Look2Me.D adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '47f8d9db.qua'.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar36.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to the quarantine directory under the name '5f74f674.qua'.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar35.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to the quarantine directory under the name '0d2bac9c.qua'.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar22.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to the quarantine directory under the name '6b1ce35e.qua'.

End of the scan: Monday, 06 December, 2010 19:16

Used time: 1:16:41 Hour(s)

The scan has been done completely.

10782 Scanned directories

641934 Files were scanned

1 Viruses and/or unwanted programs were found

3 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

4 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

641930 Files not concerned

17406 Archives were scanned

1 Warnings

4 Notes

436355 Objects were scanned with rootkit scan

2 Hidden objects were found

Thank you very much.


There are some older versions of Java on your computer. These can be a source of infection.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 22 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u122 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_22 from Sun Microsystems Inc.

-------------------------------------------------------------------

Your Computer is Clean


Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA. Both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial for Spywareblaster can be found here.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips


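An added way to verify that the six Internet Explorer settings listed in the reply above actually took effect, rather than re-opening the Custom Level dialog each time. This script is not part of the thread; it reads the per-user Internet zone (zone 3) settings from the registry, using the action IDs and data values (0 = Enable, 1 = Prompt, 3 = Disable) documented by Microsoft for IE security zones, and reports any that differ from the recommended values. The machine policy key is checked first because, when it exists, it overrides the user's setting.

```powershell
# Added audit script (not from the thread): compares the current user's
# Internet zone (zone 3) settings against the values recommended above.
# Action IDs per Microsoft's documented zone registry layout:
#   1001 Download signed ActiveX controls
#   1004 Download unsigned ActiveX controls
#   1201 Initialize and script ActiveX controls not marked as safe
#   1800 Installation of desktop items
#   1804 Launching programs and files in an IFRAME
#   1607 Navigate sub-frames across different domains
# Data values: 0 = Enable, 1 = Prompt, 3 = Disable.

$zoneKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$recommended = @{
    '1001' = 1   # Download signed ActiveX controls -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls -> Disable
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe -> Disable
    '1800' = 1   # Installation of desktop items -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME -> Prompt
    '1607' = 1   # Navigate sub-frames across different domains -> Prompt
}
$names = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Returns the DWORD stored for one action ID, or $null if the value/key is absent.
function Get-ZoneValue($key, $id) {
    $item = Get-ItemProperty -Path $key -Name $id -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.$id
}

$drift = 0
foreach ($id in $recommended.Keys) {
    $policy = Get-ZoneValue $policyKey $id
    $actual = if ($policy -ne $null) { $policy } else { Get-ZoneValue $zoneKey $id }
    $want   = $recommended[$id]
    $have   = if ($actual -eq $null) { 'not set (IE default)' } else { $names[$actual] }
    if ($actual -eq $want) {
        Write-Host ("OK    {0}: {1}" -f $id, $have)
    } else {
        $drift++
        Write-Host ("DRIFT {0}: is {1}, expected {2}" -f $id, $have, $names[$want])
    }
}
Write-Host "$drift of $($recommended.Count) settings differ from the recommended values."
```

Run it as the user whose Internet Explorer profile was hardened; a DRIFT line means that setting was not saved or was later changed back.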

1. Java updated

2. ComboFix uninstalled

3. Mostly use FF, so NoScript and WOT installed.

4. Changes made to IE

5. Checked Microsoft for updates - none needed

6. Regarding SpywareBlaster and Cookienater: how do they compare to Spybot? Are they replacements for Spybot?

7. Installed Secunia and beginning to update those programs found.

8. What about a firewall? Is the windows firewall sufficient? How do I check that it is working?

9. This computer lives at an elder relative's house, and I'm not able to check on it physically very often. Is there a way that I can connect to it remotely and run a weekly maintenance program? I'm afraid that if I don't work out something like that, then it will just become infected again, and we'll be right back here soon.

Thank you very much.


8. What about a firewall? Is the windows firewall sufficient? How do I check that it is working?

9. This computer lives at an elder relative's house, and I'm not able to check on it physically very often. Is there a way that I can connect to it remotely and run a weekly maintenance program? I'm afraid that if I don't work out something like that, then it will just become infected again, and we'll be right back here soon.

XP is not the best firewall. Online Armor Free does well. Visit:

http://www.online-armor.com/products-online-armor-free.php

As for remotely, I don't know too much on what software to use.

I do NOT work for MalwareBytes. I'm a volunteer here. But I would recommend purchasing the full version of MalwareBytes. Their Realtime Protection Module monitors all processes and stops malicious processes before they start, so your computer will be safe.


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
