Hi there, was wondering if anybody could help. I'm kinda a newbie when it comes to computers. But recently my AVAST AV has started popping up "Blocking malicious URL" every few mins... I also get a msg about svchost.exe being blocked or something... I've run Spybot and deleted malware, and am now running ESET online scanner, which has found more... Anyone got any idea what the problem is I'm having, please? Thanks, Johnny :)


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista / Windows7 Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6630

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

20/05/2011 23:47:27

MalwareLOG

Scan type: Quick scan

Objects scanned: 179535

Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 9

Files Infected: 309

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> No action taken.

HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\John\application data\error fix (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\Logs (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\pcobackups (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110 (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080 (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\Results (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix\PW (Rogue.ErrorFix) -> No action taken.

Files Infected:


c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-203.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-205.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-206.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-207.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-208.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-209.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-21.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-210.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-211.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-212.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-213.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-214.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-215.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-216.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-217.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-218.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-219.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-22.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-220.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-221.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-223.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-224.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-225.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-226.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-227.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-228.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-229.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-23.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-230.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-231.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-232.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-233.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-234.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-235.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-236.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-237.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-238.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-239.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-24.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-240.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-241.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-242.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-243.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-244.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-245.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-246.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-247.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-248.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-00-110\regb-249.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-25.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\file0.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\file1.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\file2.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\filelist.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-0.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-1.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-10.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-11.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-12.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-13.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-14.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-15.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-16.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-17.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-18.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-19.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-2.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-20.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-21.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-22.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-23.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-24.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-26.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-27.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-28.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-29.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-3.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-30.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-31.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-32.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-33.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-34.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-35.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-36.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-4.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-5.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-6.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-7.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-8.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\quarantinew\2011-05-18 00-01-080\regb-9.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\Results\Evidence.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\Results\Junk.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\Results\Registry.db (Rogue.ErrorFix) -> No action taken.

c:\documents and settings\John\application data\error fix\Results\Update.db (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix\PW\general.html (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix\PW\optimizations.html (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix\PW\privacy.html (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix\PW\scheduler.html (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix\PW\startup.html (Rogue.ErrorFix) -> No action taken.

c:\program files\error fix\PW\wizard.css (Rogue.ErrorFix) -> No action taken.


It said NO threat detected this time:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 6533

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

08/05/2011 21:12:46

mbam-log-2011-05-08 (21-12-46).txt

Scan type: Quick scan

Objects scanned: 199554

Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 15

Registry Values Infected: 3

Registry Data Items Infected: 6

Folders Infected: 6

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTBROWSE_SERVICE (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790776b176595032ac95 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\waahvabmypieqcb (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\John\Local Settings\Application Data\ysu.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\John\Local Settings\Application Data\ysu.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\John\Local Settings\Application Data\ysu.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Program Files\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.


Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)

  • Double click DDS icon to run the tool (may take up to 3 minutes to run)

  • When done, DDS.txt will open.

  • After a few moments, attach.txt will open in a second window.

  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt in your next reply


Sorry, posted the wrong log then.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6630

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21/05/2011 11:31:52

mbam-log-2011-05-21 (11-31-52).txt

Scan type: Quick scan

Objects scanned: 38948

Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


.

==== Installed Programs ======================

.

AAC Decoder

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.4

Adobe Shockwave Player 11.5

AutoUpdate

avast! Free Antivirus

BitTorrent

CCleaner

Cool Hand Poker

CPUID CPU-Z 1.51

Deus Ex

DivX Codec

DivX Converter

DivX Plus DirectShow Filters

DivX Version Checker

ffdshow

FreeArc 0.666

Google Chrome

Google Update Helper

H.264 Decoder

H264 Codecs

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB976002-v5)

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

LogMeIn Hamachi

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office FrontPage 2003

Microsoft Office Live Add-in 1.4

Microsoft Office Outlook Connector

Microsoft Office Professional Edition 2003

Microsoft Office Visio Professional 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MKV Splitter

Mozilla Firefox (3.5.19)

MSVCRT

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA PhysX

OGA Notifier 2.0.0048.0

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows XP (KB923789)

Segoe UI

ShortKeys Lite

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.762

VLC media player 1.1.5

WebFldrs XP

Winamp (remove only)

Winamp Detector Plug-in

Windows 7 Upgrade Advisor

Windows Defender

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

x264 Revision 534 x264.nl (remove only)

Yahoo! Messenger

.

==== End Of File ===========================

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by John at 14:46:14 on 2011-05-21

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uSearch Bar =

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247226748765

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\3q5ykd8o.default\

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R? AMService;AMService

R? cpuz132;cpuz132

R? fsssvc;Windows Live Family Safety Service

R? gupdate1ca016434175182;Google Update Service (gupdate1ca016434175182)

R? gupdatem;Google Update Service (gupdatem)

R? Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine

R? Lavasoft Kernexplorer;Lavasoft helper driver

R? WinDefend;Windows Defender

S? aswFsBlk;aswFsBlk

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? fssfltr;fssfltr

.

=============== Created Last 30 ================

.

2011-05-20 22:33:16 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-20 22:33:12 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-05-20 22:33:12 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-20 11:08:37 -------- dc----w- c:\program files\EMCO

2011-05-19 09:26:34 -------- dc----w- c:\program files\Lavasoft

2011-05-17 22:56:24 -------- dc----w- c:\program files\Downloaded Installers

2011-05-17 11:28:43 441176 -c--a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-17 11:28:34 40112 -c--a-w- c:\windows\avastSS.scr

2011-05-15 18:03:26 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-08 23:10:14 -------- dc----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2011-05-08 19:49:24 -------- dc----w- c:\documents and settings\john\application data\Malwarebytes

2011-05-08 19:49:15 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-06 11:31:06 7071056 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{a7277959-f156-40a0-a02a-376fb038aa3b}\mpengine.dll

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 -c--a-w- c:\windows\system32\inetcomm.dll

2011-03-03 13:21:11 1857920 -c--a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 14:53:35.42 ===============


Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Sorry About The Delay My Friend...

ComboFix 11-05-22.01 - John 23/05/2011 13:52:12.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1499 [GMT 1:00]

Running from: c:\documents and settings\John\Desktop\ComboFix.exe

FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\John\Favorites\Download programs.url

c:\documents and settings\John\Favorites\Games.url

c:\documents and settings\John\Favorites\Translator.url

c:\documents and settings\John\Favorites\Videos.url

c:\program files\Downloaded Installers

C:\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))

.

.

2011-05-20 22:33 . 2010-12-20 17:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-20 22:33 . 2011-05-20 22:47 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-20 22:33 . 2010-12-20 17:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-05-20 11:08 . 2011-05-20 11:08 -------- dc----w- c:\program files\EMCO

2011-05-19 09:26 . 2011-05-19 09:26 -------- dc----w- c:\program files\Lavasoft

2011-05-15 18:03 . 2011-05-15 18:03 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-08 23:10 . 2011-05-08 23:10 -------- dc----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2011-05-08 19:49 . 2011-05-08 19:49 -------- dc----w- c:\documents and settings\John\Application Data\Malwarebytes

2011-05-08 19:49 . 2011-05-08 19:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-06 11:31 . 2011-04-11 07:04 7071056 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A7277959-F156-40A0-A02A-376FB038AA3B}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-11 07:04 . 2009-07-10 21:49 7071056 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-03-07 05:33 . 2009-07-10 01:44 692736 -c--a-w- c:\windows\system32\inetcomm.dll

2011-03-03 13:21 . 2008-04-14 12:00 1857920 -c--a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/09/2010 11:32 691696]

S2 AMService;AMService;c:\windows\TEMP\bfry\setup.exe run --> c:\windows\TEMP\bfry\setup.exe run [?]

S2 gupdate1ca016434175182;Google Update Service (gupdate1ca016434175182);c:\program files\Google\Update\GoogleUpdate.exe [10/07/2009 14:42 133104]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; [x]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/07/2009 14:42 133104]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 13:41]

.

2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 13:41]

.

2011-05-23 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\3q5ykd8o.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: Malware Search: {27c60876-b5c9-4335-b4f3-52b26782220c} - %profile%\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

Notify-TPSvc - TPSvc.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-23 13:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD160JJ rev.WU100-41 -> Harddisk0\DR0 -> \Device\00000032

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B946F0]<<

c:\docume~1\John\LOCALS~1\Temp\catchme.sys

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89b9aa10]; MOV EAX, [0x89b9aa8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89BFDAB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000064[0x89C59F18]

5 ACPI[0xB9E74620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89BFD030]

\Driver\nvata[0x89B5EB60] -> IRP_MJ_CREATE -> 0x89B946F0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\00000063 -> \??\IDE#DiskSAMSUNG_HD160JJ_________________________WU100-41#33313632314A4C46313333373035000000000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-05-23 14:01:24

ComboFix-quarantined-files.txt 2011-05-23 13:01

.

Pre-Run: 47,664,107,520 bytes free

Post-Run: 47,903,174,656 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - C2A561AE9CECF5875BF6888062292B23

This topic is now closed to further replies.