#1
February 28th, 2011, 09:31 AM
Super48
Antimalware Go

I have this malware in my system. On the lower right, there is this icon of a shield with an A inside; I believe that is the cause of this. There is a pop-up with a security alert. When I close that message it will eventually come back. If I try to do something like open up Task Manager or open a browser, that message will immediately come back. Yellow shields with exclamation marks keep appearing on the lower right corner as well.

Can I please get some help? Thanks.

#2
March 1st, 2011, 03:36 AM
Jintan (Cyber Tech Help Moderator)

Hello Super48,

Some scam security software variant. Let's take a look then start some repairs.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.


Right off see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

-----------------

Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\

mbr.exe -t


Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

A lot of posting, but a good comprehensive look at things there.

#3
March 1st, 2011, 05:43 AM
Super48

Hi, thanks for taking your time to help me.

Here is the log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by user at 2011-02-28 20:41:58
Microsoft Windows XP Professional Service Pack 2
System drive D: has 222 MB (1%) free of 19 GB
Total RAM: 1982 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:04 PM, on 2/28/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
D:\Documents and Settings\user\desktop\RSIT.exe
D:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&...52,16898,0,8,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:33440
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [YBrowser] D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Documents and Settings\user\My Documents\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DW6] "D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [cchisawk] D:\DOCUME~1\user\LOCALS~1\Temp\frckexjxy\uedgnxkhmof.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PowerRPC Portmapper - Unknown owner - D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\pmapsvc.exe
O23 - Service: Remote Solver for Flow Simulation 2009 - Mentor Graphics Corporation - D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: smdl_fm_server - MSC.Software Corporation. - D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\smdl_fm_server.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5989 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\Registry Reviver-user-Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-22 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-21 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-22 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9D425283-D487-4337-BAB6-AB8354A81457}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-22 1205560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=D:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=D:\WINDOWS\system32\VTtrayp.exe [2005-03-11 147456]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2004-02-09 65024]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
"YBrowser"=D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2003-12-09 57344]
"PWRISOVM.EXE"=D:\Documents and Settings\user\My Documents\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SolidWorks_CheckForUpdates"=D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe [2009-03-19 7308584]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-11-17 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DW6"=D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"cchisawk"=D:\DOCUME~1\user\LOCALS~1\Temp\frckexjxy\uedgnxkhmof.exe [2011-02-27 337408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
D:\Program Files\AIM\aim.exe [2011-01-05 4321112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
D:\DOCUME~1\user\LOCALS~1\Temp\dwm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-08-03 158208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
D:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Program Files\bmoworld\BomberMan.exe"="D:\Program Files\bmoworld\BomberMan.exe:*:Enabled:BomberMan"
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\AVG\AVG10\avgmfapx.exe"="D:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\AIM\aim.exe"="D:\Program Files\AIM\aim.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.bat - edit -

======List of files/folders created in the last 1 months======

2011-02-28 20:41:58 ----D---- D:\rsit
2011-02-28 20:38:46 ----D---- D:\Program Files\Common Files\Software Update Utility
2011-02-27 23:42:29 ----A---- D:\WINDOWS\ntbtlog.txt
2011-02-20 03:20:06 ----D---- D:\Documents and Settings\user\Application Data\fltk.org

======List of files/folders modified in the last 1 months======

2011-02-28 20:42:04 ----D---- D:\Program Files\trend micro
2011-02-28 20:39:10 ----D---- D:\Program Files\AIM
2011-02-28 20:38:46 ----D---- D:\Program Files\Common Files
2011-02-28 20:36:41 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-02-28 20:32:22 ----D---- D:\WINDOWS\temp
2011-02-28 20:31:58 ----D---- D:\Documents and Settings\user\Application Data\IM
2011-02-28 00:52:00 ----RD---- D:\Program Files
2011-02-27 23:42:29 ----D---- D:\WINDOWS
2011-02-27 23:14:53 ----D---- D:\WINDOWS\system32\drivers
2011-02-27 23:14:53 ----D---- D:\WINDOWS\Debug
2011-02-27 22:58:16 ----D---- D:\WINDOWS\Prefetch
2011-02-22 14:48:15 ----D---- D:\Documents and Settings\user\Application Data\U3
2011-02-21 20:58:05 ----D---- D:\Documents and Settings\user\Application Data\SolidWorks
2011-02-17 14:30:22 ----D---- D:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 uagp35;Microsoft AGPv3.5 Filter; D:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-03 44672]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
S1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
S3 ALCXSENS;Service for WDM 3D Audio Driver; D:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-23 611441]
S3 EagleNT;EagleNT; D:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
S3 Mkd2kfNt;Mkd2kfNt; D:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2009-03-10 131456]
S3 Mkd2Nadr;Mkd2Nadr; D:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
S3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
S3 npkcrypt;npkcrypt; D:\WINDOWS\system32\drivers\npkcrypt.sys []
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 viagfx;viagfx; D:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-08-24 237312]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
S2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-03-21 153376]
S2 PowerRPC Portmapper;PowerRPC Portmapper; D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\pmapsvc.exe [2001-06-06 28672]
S2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009; D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-02-05 214312]
S2 smdl_fm_server;smdl_fm_server; D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\smdl_fm_server.exe [2010-06-12 90112]
S2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 wlidsvc;Windows Live ID Sign-in Assistant; D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-29 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-11-05 79360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
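
A triage pass over the HijackThis section of the log posted above, as an added example that is not part of the original thread and not how RSIT or HijackThis work internally. The function names and the four heuristics are assumptions chosen for illustration; a flagged entry is something to review first, not a verdict, and the sample lines are copied from the log with the forum-inserted spaces removed.

```python
import re
from typing import List, NamedTuple, Tuple

# Excerpt of the HijackThis section posted above (forum-inserted spaces removed).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:33440
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [cchisawk] D:\DOCUME~1\user\LOCALS~1\Temp\frckexjxy\uedgnxkhmof.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PowerRPC Portmapper - Unknown owner - D:\MSC.Software\Patran\2010.1.2\Filemanager\exe\WINNT\pmapsvc.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry deserves a second look
    entry: str   # the entry text after the section code


# "<code> - <body>", where code is one letter plus one or two digits (R0, O4, O23).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A proxy value such as "http=127.0.0.1:33440" or "localhost:8080".
LOOPBACK_RE = re.compile(r"(?:^|[=;/])(?:127(?:\.\d{1,3}){3}|localhost):\d+", re.I)
# A path component named Temp or Tmp anywhere in the target.
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (code, body) pairs for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(text: str) -> List[Finding]:
    """Flag entries matching the (assumed) review-first heuristics, in log order."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1") and "ProxyServer" in body:
            value = body.split(" = ", 1)[-1]
            if LOOPBACK_RE.search(value):
                findings.append(Finding(code, "IE proxy points at a loopback port", body))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(code, "browser add-on registered with no file on disk", body))
        elif code == "O4" and TEMP_DIR_RE.search(body):
            findings.append(Finding(code, "autostart entry runs from a temp directory", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service binary carries no company name", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}: {finding.entry}")
```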

#4
March 1st, 2011, 05:45 AM
Super48

Here is the info.txt

info.txt logfile of random's system information tool 1.08 2011-02-28 20:42:05

======Uninstall list======

-->D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->d:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
AIM 7-->D:\Program Files\AIM\uninst.exe
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Bitvise Tunnelier 4.37 (remove only)-->"D:\Program Files\Bitvise Tunnelier\uninst.exe" Tunnelier
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
BroadJump Client Foundation-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"D:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner-->"D:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
COSMOSM 2009 (2009/070)-->MsiExec.exe /I{4A5DFD3A-9E05-4676-B2A4-EEED00AFB0FE}
Coupon Printer for Windows-->"D:\Program Files\Coupons\uninstall.exe" "/U:\Program Files\Coupons\Uninstall\uninstall.xml"
Digimax Master-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Download Updater (AOL LLC)-->D:\Program Files\Common Files\Software Update Utility\uninstall.exe
HijackThis 2.0.2-->"D:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915800)-->"D:\WINDOWS\$NtUninstallKB915800$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"D:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB919880)-->"D:\WINDOWS\$NtUninstallKB919880$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"D:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
hp deskjet 940c series (Remove only)-->D:\Program Files\hp deskjet 940c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=940c -huninstall
iTunes-->MsiExec.exe /I{FAE36873-1941-4076-A9A5-48812B5EA0B7}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Move Networks Player for Internet Explorer-->"D:\Documents and Settings\user\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (3.6.13)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->D:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OpenProj-->MsiExec.exe /I{13702021-43FB-480C-912F-D9B74A538288}
Patran 2010.1.2-->"D:\Program Files\InstallShield Installation Information\{550B7AF5-E494-460B-8F1F-4995259C1EB3}\setup.exe" -runfromtemp -l0x0009 -removeonly
PhotoView 360-->MsiExec.exe /I{F509DAEA-1209-4C53-90A0-02AF327AA814}
PowerISO-->"D:\Documents and Settings\user\My Documents\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek AC'97 Audio-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Samsung USB Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
SBC Yahoo! Applications-->D:\PROGRA~1\Yahoo!\common\uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SolidWorks 2009 SP03-->"D:\WINDOWS\SolidWorks\IM_20090-40300-1100-200\sldim\sldim.exe" /remove "D:\WINDOWS\SolidWorks\IM_20090-40300-1100-200\sldim\sldIM_installed.xml"
SolidWorks 2009 SP03-->MsiExec.exe /X{35727E31-5D78-478A-B418-7E9A82729DB2}
SolidWorks eDrawings 2009-->MsiExec.exe /I{80BA07B3-537F-4189-92F7-26E2BA76095A}
SolidWorks Flow Simulation 2009 SP03-->MsiExec.exe /I{9D21FEB1-E044-4862-B7EC-243F493D4FA3}
SolidWorks Motion 2009 SP03-->MsiExec.exe /I{31C59C03-4785-4390-BF26-6463E12DB6E9}
SolidWorks Simulation 2009 SP03-->MsiExec.exe /I{9A17DAF6-944A-4D16-8988-29B405F08DA5}
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
The Weather Channel Desktop 6-->D:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
VIA/S3G Display Driver-->D:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VLC media player 0.9.9-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"D:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->D:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Media Format Runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-03-12]
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-03-12]
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-03-12]
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-03-20]

======Security center information======

AV: AVG Internet Security 2011
FW: AVG Firewall (disabled)

======System event log======

Computer Name: USER-2561BA0F00
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 74117
Source Name: Tcpip
Time Written: 20101225114412.000000-480
Event Type: warning
User:

Computer Name: USER-2561BA0F00
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 74090
Source Name: Tcpip
Time Written: 20101224232844.000000-480
Event Type: warning
User:

Computer Name: USER-2561BA0F00
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 74089
Source Name: Tcpip
Time Written: 20101224215540.000000-480
Event Type: warning
User:

Computer Name: USER-2561BA0F00
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 74085
Source Name: Tcpip
Time Written: 20101224205216.000000-480
Event Type: warning
User:

Computer Name: USER-2561BA0F00
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 74057
Source Name: Tcpip
Time Written: 20101224121848.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: USER-2561BA0F00
Event Code: 1517
Message: Windows saved user USER-2561BA0F00\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 21594
Source Name: Userenv
Time Written: 20100909123511.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2561BA0F00
Event Code: 1517
Message: Windows saved user USER-2561BA0F00\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 21587
Source Name: Userenv
Time Written: 20100909013855.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2561BA0F00
Event Code: 1517
Message: Windows saved user USER-2561BA0F00\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 21580
Source Name: Userenv
Time Written: 20100908081127.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2561BA0F00
Event Code: 1517
Message: Windows saved user USER-2561BA0F00\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 21573
Source Name: Userenv
Time Written: 20100907012200.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: USER-2561BA0F00
Event Code: 1517
Message: Windows saved user USER-2561BA0F00\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 21566
Source Name: Userenv
Time Written: 20100905174316.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=D:\MSC.Software\Patran\2010.1.2\bin;%CommonProgramFiles%\Microsoft Shared\Windows Live;%COSMOSM%;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;D:\Program Files\QuickTime\QTSystem;D:\Program Files\Bitvise Tunnelier;D:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"COSMOSM"=D:\Program Files\SolidWorks Corp\COSMOS M
"asl.log"=Destination=file
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"Path_backup"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%COSMOSM%;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;D:\Program Files\QuickTime\QTSystem;D:\Program Files\Bitvise Tunnelier;D:\Program Files\QuickTime\QTSystem\
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
  #5  
Old March 1st, 2011, 08:57 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
here is the gmer one, this one took about 3hrs

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-28 23:55:45
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b Maxtor_6E040L0 rev.NAR61590
Running: 5g69fen6.exe; Driver: D:\DOCUME~1\user\LOCALS~1\Temp\afpoypod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9A75] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005C0380] D:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005C0267] D:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] [005C02D5] D:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9967] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9B02] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA99EE] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT D:\Program Files\AIM\aim.exe[1024] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9B8F] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Mozilla Firefox\firefox.exe[2008] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- EOF - GMER 1.0.15 ----
  #6  
Old March 1st, 2011, 08:59 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
the last one

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6E040L0 rev.NAR61590 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
1 nt!IofCallDriver[0x804E3D45] -> \Device\Harddisk0\DR0[0x89B55AB8]
3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E3D45] -> \Device\0000005d[0x89B579E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E3D45] -> \Device\Ide\IdeDeviceP2T0L0-1b[0x89B56D98]
kernel: MBR read successfully
user & kernel MBR OK
  #7  
Old March 2nd, 2011, 03:57 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
For now it looks like just some rogue malware startup settings showing. Let's act on that first. The logs show you only have Service pack 2 installed, so once these repairs are done you need to upgrade to SP3, with all the security and other improvements it brings. You can stay in Safe Mode for these next steps.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Make a copy of the following list, then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:33440

------------

Download ComboFix.exe from here to your desktop, then click that to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #8  
Old March 2nd, 2011, 07:57 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
here is the log

ComboFix 11-03-01.01 - user 03/01/2011 22:30:36.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1636 [GMT -8:00]
Running from: d:\documents and settings\user\desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Microsoft PData
d:\documents and settings\user\Local Settings\Application Data\{833A63CE-3620-4A60-B08C-550C376659B3}
d:\documents and settings\user\Local Settings\Application Data\{833A63CE-3620-4A60-B08C-550C376659B3}\chrome.manifest
d:\documents and settings\user\Local Settings\Application Data\{833A63CE-3620-4A60-B08C-550C376659B3}\chrome\content\_cfg.js
d:\documents and settings\user\Local Settings\Application Data\{833A63CE-3620-4A60-B08C-550C376659B3}\chrome\content\overlay.xul
d:\documents and settings\user\Local Settings\Application Data\{833A63CE-3620-4A60-B08C-550C376659B3}\install.rdf
D:\Documents

.
((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
.

2011-03-01 07:58 . 2011-03-01 07:58 89088 ----a-w- D:\mbr.exe
2011-03-01 04:41 . 2011-03-01 04:42 -------- d-----w- D:\rsit
2011-03-01 04:38 . 2011-03-01 04:38 -------- d-----w- d:\program files\Common Files\Software Update Utility
2011-02-20 11:20 . 2011-02-20 11:20 -------- d-----w- d:\documents and settings\user\Application Data\fltk.org

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 22:30 . 2010-07-11 18:30 398760 ----a-r- d:\windows\system32\cpnprt2.cid
2010-12-21 07:42 . 2010-12-21 07:42 18944 ----a-r- d:\documents and settings\user\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-03-12 147456]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"YBrowser"="d:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"PWRISOVM.EXE"="d:\documents and settings\user\My Documents\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SolidWorks_CheckForUpdates"="d:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- d:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-04 01:07 158208 ----a-w- d:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 19:43 248040 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\AIM\\aim.exe"=

R2 PowerRPC Portmapper;PowerRPC Portmapper;d:\msc.software\Patran\2010.1.2\Filemanager\exe\WINNT\pmapsvc.exe [1/18/2011 10:48 AM 28672]
R2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009;d:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2/5/2009 5:12 PM 214312]
R2 smdl_fm_server;smdl_fm_server;d:\msc.software\Patran\2010.1.2\Filemanager\exe\WINNT\smdl_fm_server.exe 539117062 1 --> d:\msc.software\Patran\2010.1.2\Filemanager\exe\WINNT\smdl_fm_server.exe 539117062 1 [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [3/19/2009 11:31 AM 83240]
S3 Mkd2kfNt;Mkd2kfNt;d:\windows\system32\drivers\Mkd2kfNT.sys [9/11/2009 9:37 PM 131456]
S3 Mkd2Nadr;Mkd2Nadr;d:\windows\system32\drivers\Mkd2Nadr.sys [9/11/2009 9:37 PM 79104]
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20101252,16898,0,8,0
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java
FF - ProfilePath - d:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\e8yz79a0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Swag Bucks Community Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-TkBellExe - d:\program files\Common Files\Real\Update_OB\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 22:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1280)
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\msc.software\Patran\2010.1.2\Filemanager\exe\WINNT\smdl_fm_server.exe
d:\windows\system32\wdfmgr.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\windows\system32\VTTimer.exe
d:\windows\system32\VTtrayp.exe
d:\windows\SOUNDMAN.EXE
d:\progra~1\Yahoo!\browser\ycommon.exe
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-01 22:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-02 06:47

Pre-Run: 136,818,688 bytes free
Post-Run: 220,225,536 bytes free

- - End Of File - - 59C321BF585AE2B0FCE491F17F2F5214

Last edited by Super48; March 2nd, 2011 at 08:02 AM.
  #9  
Old March 3rd, 2011, 02:07 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Looks like the malware was concentrating on Firefox there. ComboFix removed a bogus malware extension, so let's correct some equally bogus proxy settings, then check with some scans.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


In Firefox, go to Tools - Options - Advanced icon - Network tab - click the Settings button to the right under Connection. Make sure the following item is checked. If it is not, check it, then click OK, and OK again.

Use system proxy settings

You will need to close and re-open Firefox to complete that change.

------------------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Post that log and the Malwarebytes log please.
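An added example, not part of the original posts and not code from any tool named in the thread: a Python sketch that scans pasted HijackThis/ComboFix text for the loopback proxy entries discussed above and reports whether Firefox would actually use them. The sample lines are copied from this thread's logs with the forum's stray spaces repaired; the function names are hypothetical, and the network.proxy.type meanings (0 direct, 1 manual, 5 system) are standard Firefox values that the page itself does not state.

```python
import ipaddress
import re

# Lines copied from the HijackThis and ComboFix logs in this thread
# (forum line-wrap spaces repaired).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:33440
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
"""

# WinINet (Internet Explorer) proxy value as shown by HijackThis/ComboFix.
IE_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
# Firefox proxy preferences as listed in ComboFix's supplementary scan.
FF_PREF_RE = re.compile(r"FF - prefs\.js: network\.proxy\.(\w+) - (\S+)")

# Firefox network.proxy.type values (assumption: standard Firefox meanings).
FF_PROXY_MODES = {0: "direct", 1: "manual", 2: "PAC URL",
                  4: "auto-detect", 5: "system"}


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def to_port(text):
    """Convert a port string to int, or None when missing/malformed."""
    return int(text) if text and text.isdigit() else None


def parse_ie_proxy(value):
    """Split 'http=h:p;https=h:p' or plain 'h:p' into (scheme, host, port)."""
    entries = []
    for item in filter(None, value.split(";")):
        scheme, sep, addr = item.partition("=")
        if not sep:                      # single proxy used for all protocols
            scheme, addr = "all", item
        host, colon, port = addr.rpartition(":")
        if not colon:                    # no port given
            host, port = addr, ""
        entries.append((scheme, host, to_port(port)))
    return entries


def find_loopback_proxies(log_text):
    """Return one finding per proxy setting that points at the local machine.

    'active' is True/False when the log says whether the setting is in use,
    and None when the log does not carry that information.
    """
    findings, ff = [], {}
    for line in log_text.splitlines():
        m = IE_PROXY_RE.search(line)
        if m:
            for scheme, host, port in parse_ie_proxy(m.group(1)):
                if is_loopback(host):
                    # ProxyEnable is not in these logs, so activity is unknown.
                    findings.append({"source": "WinINet ProxyServer",
                                     "scheme": scheme, "host": host,
                                     "port": port, "active": None})
            continue
        m = FF_PREF_RE.search(line)
        if m:
            ff[m.group(1)] = m.group(2)

    mode = to_port(ff.get("type"))       # small integer, same parsing rule
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = ff.get(scheme)
        if host and is_loopback(host):
            findings.append({"source": "Firefox prefs.js",
                             "scheme": scheme, "host": host,
                             "port": to_port(ff.get(scheme + "_port")),
                             # Manual host/port prefs only apply in mode 1.
                             "active": None if mode is None else mode == 1,
                             "mode": FF_PROXY_MODES.get(mode, "unknown")})
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print(finding)
```

On the thread's own lines this reports the WinINet entry with unknown activity and the Firefox entry as configured but not in use (proxy type 0), which is why both the stored values and the active mode are worth checking after cleanup.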
  #10  
Old March 3rd, 2011, 06:35 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
here is the malwarebytes log, this one is long

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5939

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/2/2011 9:33:31 PM
mbam-log-2011-03-02 (21-33-31).txt

Scan type: Quick scan
Objects scanned: 154195
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 406

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Fix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:
  #11  
Old March 3rd, 2011, 06:35 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
  #12  
Old March 3rd, 2011, 06:36 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-192.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-193.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-194.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-195.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-196.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-197.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-198.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-199.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-200.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-201.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-202.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-203.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-205.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-206.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-207.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-208.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-209.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-210.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-211.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-212.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-213.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-214.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-215.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-216.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-217.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-218.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-219.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-03 23-35-450\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
  #13  
Old March 3rd, 2011, 06:37 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
  #14  
Old March 3rd, 2011, 06:38 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
d:\documents and settings\user\application data\error fix\quarantinew\2009-11-04 00-14-570\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
d:\documents and settings\user\application data\error fix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
  #15  
Old March 3rd, 2011, 06:53 AM
Super48
ESET didn't pick up anything.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
can not get scanner. e_gle=1001
can not get scanner. e_gle=1001
DLLipe not connected. attempts=120
can not get scanner. e_gle=1001
DLLipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
can not get scanner. e_gle=1001
DLLipe not connected. attempts=120
can not get scanner. e_gle=1001
DLLipe not connected. attempts=120
can not get scanner. e_gle=1001
DLLipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
can not get scanner. e_gle=1001
DLLipe not connected. attempts=120
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=559a1c7cbd0ede43af185ab19292728c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-03 10:45:24
# local_time=2011-03-03 02:45:24 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8675341 8675341 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=128494
# found=0
# cleaned=0
# scan_time=6091

Last edited by Super48; March 3rd, 2011 at 11:49 AM.
All times are GMT +1.