
blue screen stop for vista (resolved)

Hi there. For the last few weeks, whenever I try to load up my computer it crashes with an error stop blue screen. Here is one of the codes that comes up with it:


stop:0x0000008e(0xc0000005,0x8f40c7da,0x9ec64010,0x00000000)

But this is not the only one that comes up. I have tried to download HijackThis but it won't work. I'm working with Windows Vista Home Premium.
Manufacturer: Acer, model: Aspire M5640, processor: Intel(R) Core(TM)2 Quad CPU Q8200 @2.33GHz 2.34GHz, memory (RAM): 4.00GB, system type: 32-bit operating system.

It will let me load in safe mode and sometimes normal, but if it does then things don't work properly and then it will crash again after a little bit anyway.

So if anyone can help, that would be great.

Comments

  • edited July 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.





    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.


    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.
  • edited July 2009
    Hi there Katana, I would like to thank you before we start and say I will try to do all you say. So here is the info from Random's System Information Tool:

    info.txt logfile of random's system information tool 1.06 2009-07-08 00:48:02
    ======Uninstall list======
    -->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
    Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
    Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
    Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
    Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
    Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Acer GameZone Console DTV 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
    Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
    Acer HomeMedia Trial Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\SETUP.EXE" -uninstall
    Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
    Acer PlayMovie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
    Acer TV Share-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C297A75-3111-4B3F-9264-84D61FF79F0D}\SETUP.exe" -uninstall
    Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
    Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log"
    Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
    Anti-Spyware (Aluria)-->MsiExec.exe /I{5D52D604-F3C0-45B4-9128-630B4AF57B13}
    Anti-Virus (Command Software)-->MsiExec.exe /I{C1A5671F-3BD1-4EAE-B613-946BB890662D}
    Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Authentium AntiVirus SDK - 2-->MsiExec.exe /I{22B90C20-2697-4790-A95E-56463563F2EF}
    Authentium Web Install Helper-->rundll32.exe advpack.dll,LaunchINFSection AuthUninstall.inf,RemoveFiles,1,I
    Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log"
    Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
    Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
    BigPond (BIUS)-->MsiExec.exe /I{7AC7456D-0A2B-474D-A49F-B82708423D8E}
    BigPond Connection Client-->MsiExec.exe /I{F6760F99-BFC8-476C-B0C7-6C11726F8E90}
    BigPond Security-->"C:\Program Files\bigpond\security\app\repair.exe" -remove
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Bookworm Deluxe-->"C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log"
    Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
    Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
    Chicken Invaders 3-->"C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log"
    Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
    Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
    EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
    eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
    ESP-->MsiExec.exe /I{73ABB44B-6C5A-4DC4-A0BE-176DBADA8C69}
    Firewall (Core 2)-->MsiExec.exe /I{CA149887-D79F-4A83-8436-A9933011DBBC}
    Firewall (User)-->MsiExec.exe /I{3BEFC9CE-F87D-4D98-8E82-36C5FA90D4D2}
    Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
    Governor of Poker-->"C:\Program Files\Acer GameZone Online\Governor of Poker\Uninstall.exe" "C:\Program Files\Acer GameZone Online\Governor of Poker\install.log"
    Hardwood Solitaire Deluxe-->"C:\Program Files\Acer GameZone Online\Hardwood Solitaire Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone Online\Hardwood Solitaire Deluxe\install.log"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    iDump (Freeware) Build:29-->"C:\Program Files\iDump (Freeware)\unins000.exe"
    iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
    Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
    Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
    Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
    MoreRelevantAdvertisingProgram-->C:\Program Files\MoreRelevantAdvertisingProgram\uninstall.exe uninstall=morerelevantadvertisingprogram
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
    Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
    NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
    NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Pokemon Light-->MsiExec.exe /I{5A0C4270-DFDB-4B68-A442-B66941815306}
    Poker Superstars III-->"C:\Program Files\Acer GameZone Online\Poker Superstars III\Uninstall.exe" "C:\Program Files\Acer GameZone Online\Poker Superstars III\install.log"
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
    Safari-->MsiExec.exe /I{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}
    SPORE™ Creepy & Cute Parts Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -runfromtemp -l0x0009 -removeonly
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Third Party Prerequisites-->MsiExec.exe /I{F6A31EEF-7DB9-4A46-B3BB-9DB5F117508D}
    Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
    Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
    Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    War Chess-->"C:\Program Files\Acer GameZone Online\War Chess\Uninstall.exe" "C:\Program Files\Acer GameZone Online\War Chess\install.log"
    Web Filtering (Base 2)-->MsiExec.exe /I{D3AB0F01-C515-4470-B9CA-8CB78FD42AE8}
    Web Filtering (Base)-->MsiExec.exe /I{6AC20055-5E5B-48FA-9F5F-E778D354CE50}
    Web Filtering (Kids Page)-->MsiExec.exe /I{2D02E0B0-D759-4F33-88E5-B83DDCB58473}
    Web Filtering (RuleSpace CFI Anti-Phishing)-->MsiExec.exe /I{E9CD269E-EB1D-4410-AEA7-69AA098FCBCE}
    Web Filtering (Rulespace CFI)-->MsiExec.exe /I{E852648A-DECB-47AE-B7CE-0EE76A484D8C}
    WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"
    ======Security center information======
    AV: BP Security Anti-Virus (disabled) (outdated)
    AS: Windows Defender
    ======System event log======
    Computer Name: adam1-PC
    Event Code: 10005
    Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
    {9E175B6D-F52A-11D8-B9A5-505054503030}
    Record Number: 110627
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090707151055.000000-000
    Event Type: Error
    User:
    Computer Name: adam1-PC
    Event Code: 7001
    Message: The Computer Browser service depends on the Server service which failed to start because of the following error:
    The dependency service or group failed to start.
    Record Number: 110644
    Source Name: Service Control Manager
    Time Written: 20090707151058.000000-000
    Event Type: Error
    User:
    Computer Name: adam1-PC
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    i8042prt
    mfehidk
    spldr
    Wanarpv6
    Record Number: 110654
    Source Name: Service Control Manager
    Time Written: 20090707151058.000000-000
    Event Type: Error
    User:
    Computer Name: adam1-PC
    Event Code: 10016
    Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {A47979D2-C419-11D9-A5B4-001185AD2B89}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Record Number: 110661
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090707151101.000000-000
    Event Type: Error
    User: NT AUTHORITY\LOCAL SERVICE
    Computer Name: adam1-PC
    Event Code: 10005
    Message: DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server:
    {24F616A1-B755-4053-8018-C3425DC8B68A}
    Record Number: 110666
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090707151434.000000-000
    Event Type: Error
    User:
    =====Application event log=====

    Computer Name: adam1-PC
    Event Code: 1006
    Message: The Windows Search Service has failed to create the SystemIndex search index. Internal error <7, 0x80071a91, Failed to save Crawl Scope Manager changes:
  • edited July 2009
    sorry here is the rest of the info log

    ======Environment variables======
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=1707
    "NUMBER_OF_PROCESSORS"=4
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "SAFEBOOT_OPTION"=NETWORK
    EOF
  • edited July 2009
    and here is the log file
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by adam at 2009-07-08 00:47:56
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 276 GB (86%) free of 322 GB
    Total RAM: 3070 MB (85% free)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48:01 AM, on 8/07/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Safe mode with network support
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Users\adam\Desktop\RSIT.exe
    C:\Program Files\trend micro\adam.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: MoreRelevantAdvertisingProgram - {4E8D6551-F9A4-6D01-4D4B-BFD7673C0E3E} - C:\Program Files\MoreRelevantAdvertisingProgram\MoreRelevantAdvertisingProgram.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BigPond Connection Client] C:\Program Files\Telstra\BigPond Connection Client\BigPondCC.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\d\appdata\local\temp\SETUP0~1.SH! (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\d\appdata\local\temp\SETUP0~1.SH! (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O13 - Gopher Prefix:
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://files.authentium.com/bigpond/bin/wizard.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70CA8201-1BF2-4E7F-96A0-691F2D86D452}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: Acer TV Share Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    --
    End of file - 7748 bytes
    ======Scheduled tasks folder======
    C:\Windows\tasks\ErrorFix Scan.job
    C:\Windows\tasks\ErrorFix Startup.job
    C:\Windows\tasks\McDefragTask.job
    C:\Windows\tasks\McQcTask.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
    McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E8D6551-F9A4-6D01-4D4B-BFD7673C0E3E}]
    MoreRelevantAdvertisingProgram - C:\Program Files\MoreRelevantAdvertisingProgram\MoreRelevantAdvertisingProgram.dll [2009-04-13 157184]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-04 35840]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-12 4702208]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
    "NVRaidService"=C:\Windows\system32\nvraidservice.exe [2007-12-07 196128]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
    "BigPond Connection Client"=C:\Program Files\Telstra\BigPond Connection Client\BigPondCC.exe [2008-09-30 1328128]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2008-01-21 131584]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0
    "NoSecCPL"=0
    "NoDispCPL"=0
    "NoDispScrSavPage"=0
    "NoDispAppearancePage"=0
    "NoDispSettingsPage"=0
    "NoDevMgrPage"=0
    "NoConfigPage"=0
    "NoVirtMemPage"=0
    "NoFileSysPage"=0
    "NoNetSetup"=0
    "NoNetSetupIDPage"=0
    "NoNetSetupSecurityPage"=0
    "NoWorkgroupContents"=0
    "NoEntireNetwork"=0
    "NoFileSharingControl"=0
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoThumbnailCache"=1
    "NoFolderOptions"=00000000
    "RestrictRun"=0
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoFolderOptions"=
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67fa8b38-0396-11de-be91-806e6f6e6963}]
    shell\AutoRun\command - F:\setup.exe

    ======List of files/folders created in the last 1 months======
    2009-07-08 00:47:56 ----D---- C:\rsit
    2009-07-07 16:53:33 ----D---- C:\Users\adam\AppData\Roaming\Template
    2009-07-07 15:35:25 ----D---- C:\Program Files\Trend Micro
    2009-07-03 23:38:07 ----D---- C:\Windows\pss
    2009-06-30 01:33:51 ----D---- C:\Users\adam\AppData\Roaming\InstallShield
    2009-06-15 00:31:00 ----D---- C:\Program Files\iDump (Freeware)
    2009-06-14 22:56:13 ----D---- C:\Users\adam\AppData\Roaming\vghd
    2009-06-14 18:43:21 ----D---- C:\Program Files\iPod
    2009-06-14 18:43:20 ----D---- C:\Program Files\iTunes
    2009-06-14 17:09:39 ----D---- C:\Users\adam\AppData\Roaming\Apple Computer
    2009-06-14 17:08:06 ----D---- C:\Program Files\QuickTime
    2009-06-14 16:14:16 ----D---- C:\Users\adam\AppData\Roaming\ErrorFix
    2009-06-13 00:22:18 ----D---- C:\Users\adam\AppData\Roaming\Google
    2009-06-13 00:06:01 ----D---- C:\Program Files\Telstra
    2009-06-12 16:33:04 ----D---- C:\Users\adam\AppData\Roaming\Adobe
    2009-06-12 16:04:15 ----D---- C:\Users\adam\AppData\Roaming\Macromedia
    2009-06-12 16:04:04 ----D---- C:\Users\adam\AppData\Roaming\Identities
    2009-06-12 16:03:56 ----SD---- C:\Users\adam\AppData\Roaming\Microsoft
    2009-06-12 16:03:56 ----D---- C:\Users\adam\AppData\Roaming\Media Center Programs
    2009-06-12 16:03:56 ----D---- C:\Users\adam\AppData\Roaming\Acer GameZone Console
    2009-06-10 23:55:56 ----A---- C:\Windows\ODBCINST.INI
    2009-06-10 13:41:10 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-06-10 13:40:44 ----D---- C:\Program Files\Common Files\Adobe
    2009-06-10 13:40:44 ----D---- C:\Program Files\Adobe
    ======List of files/folders modified in the last 1 months======
    2009-07-08 00:44:35 ----D---- C:\Windows\Temp
    2009-07-08 00:41:53 ----A---- C:\Windows\ntbtlog.txt
    2009-07-08 00:40:16 ----D---- C:\Windows\Minidump
    2009-07-08 00:40:08 ----D---- C:\Windows
    2009-07-07 21:35:39 ----D---- C:\Windows\Prefetch
    2009-07-07 16:32:45 ----D---- C:\Windows\system32\Tasks
    2009-07-07 15:35:25 ----RD---- C:\Program Files
    2009-07-07 00:10:15 ----SHD---- C:\Windows\Installer
    2009-07-04 17:48:12 ----SHD---- C:\System Volume Information
    2009-06-30 13:10:40 ----D---- C:\Windows\winsxs
    2009-06-30 13:05:56 ----D---- C:\Windows\system32\catroot
    2009-06-30 13:05:54 ----D---- C:\Program Files\Windows Mail
    2009-06-30 10:55:27 ----D---- C:\Poker Application
    2009-06-30 10:54:55 ----D---- C:\Programs
    2009-06-30 02:10:17 ----D---- C:\ProgramData\NVIDIA
    2009-06-30 01:40:06 ----D---- C:\Windows\system32\catroot2
    2009-06-30 00:57:23 ----RD---- C:\Users
    2009-06-29 23:32:44 ----SHD---- C:\$RECYCLE.BIN
    2009-06-29 23:31:50 ----D---- C:\Windows\rescache
    2009-06-29 23:26:47 ----D---- C:\Windows\system32\sysprep
    2009-06-29 16:09:45 ----HD---- C:\ProgramData
    2009-06-29 16:09:45 ----D---- C:\Windows\system32\drivers
    2009-06-28 23:37:45 ----D---- C:\Windows\system32\WDI
    2009-06-26 22:55:24 ----D---- C:\Windows\System32
    2009-06-26 22:55:24 ----D---- C:\Windows\inf
    2009-06-26 22:55:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-06-20 01:52:11 ----D---- C:\Windows\system32\LogFiles
    2009-06-14 18:43:21 ----D---- C:\Program Files\Common Files\Apple
    2009-06-14 00:53:43 ----D---- C:\ProgramData\Google
    2009-06-14 00:09:09 ----SD---- C:\ProgramData\Microsoft
    2009-06-10 13:41:11 ----D---- C:\ProgramData\Adobe
    2009-06-10 13:41:10 ----D---- C:\Program Files\Common Files
    2009-06-09 15:45:53 ----D---- C:\Windows\system32\NDF
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-10-23 130424]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-09-11 1035168]
    R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-25 341504]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
    S1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-03-25 214024]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-09-01 39408]
    S2 CSS DVP;Dynamic Virus Protection; C:\Windows\system32\DRIVERS\css-dvp.sys [2008-06-01 750904]
    S2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
    S2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
    S2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
    S2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-07 14544]
    S2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-07 6080]
    S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-20 3514368]
    S3 authfwco;authfwco; C:\Windows\system32\DRIVERS\authfwco.sys [2009-01-27 22792]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-17 1971928]
    S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-03-25 79880]
    S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-03-25 35272]
    S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-03-25 34216]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-03-25 40552]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-17 6144]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-04-04 43552]
    S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
    S3 Ph3xIB32;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-06-14 247808]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
    S2 Acer TV Share Service;Acer TV Share Service; C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2008-01-25 269432]
    S2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-18 28672]
    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
    S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-20 655360]
    S2 AuthSysSvc;BigPond Security System Service; c:\Program Files\bigpond\security\App\syssvcnt.exe [2009-01-27 112160]
    S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S2 dvpapi;DvpApi; c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe [2008-06-01 177448]
    S2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
    S2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
    S2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-20 24576]
    S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-18 61440]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-03-11 210216]
    S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
    S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
    S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
    S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
    S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
    S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
    EOF
  • edited July 2009
    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • MalwareBytes log
    • Combofix log
    • How are things running now?
  • edited July 2009
    here is the gmer log you wanted

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-08 01:16:52
    Windows 6.0.6001 Service Pack 1

    ---- System - GMER 1.0.15 ----
    Code 875FD2F8 ZwEnumerateKey
    Code 875FD2C0 ZwFlushInstructionCache
    Code 8760E41D IofCallDriver
    Code 87605326 IofCompleteRequest
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!IofCompleteRequest 82482FE2 5 Bytes JMP 8760532B
    .text ntkrnlpa.exe!IofCallDriver 82504F6F 5 Bytes JMP 8760E422
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!DialogBoxIndirectParamW 7711BD25 5 Bytes JMP 71D25B3B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!DialogBoxParamW 77131FD5 5 Bytes JMP 71D25AC5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!DialogBoxParamA 771580B2 5 Bytes JMP 71D25B00 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!DialogBoxIndirectParamA 771583DD 5 Bytes JMP 71D25B76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!MessageBoxIndirectA 7716D471 5 Bytes JMP 71D25A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!MessageBoxIndirectW 7716D56B 5 Bytes JMP 71D25A3D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!MessageBoxExA 7716D5D1 5 Bytes JMP 71D25A03 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] USER32.dll!MessageBoxExW 7716D5F5 5 Bytes JMP 71D259C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1716] SHELL32.dll!InitNetworkAddressControl + 2939 764D0064 4 Bytes [50, 26, 52, 02]
    .text C:\Windows\Explorer.EXE[1764] SHELL32.dll!InitNetworkAddressControl + 2939 764D0064 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\PROGRA~1\WINZIP\winzip32.exe[460] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [031B27E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\PROGRA~1\WINZIP\winzip32.exe[460] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [031B1B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\PROGRA~1\WINZIP\winzip32.exe[460] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [031B2B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\PROGRA~1\WINZIP\winzip32.exe[460] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [031B11D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1716] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [025227E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1716] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [02521B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1716] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02522B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1716] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [025211D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74237BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742798C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7423D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7422F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74237599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7422E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7426B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7423D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7423012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74230095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742271F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742BD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742575E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7422DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7422668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742266BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74231E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    ---- Processes - GMER 1.0.15 ----
    Library \\?\globalroot\systemroot\system32\gxvxceiqlntovsbnpcvxuedmetiqykxphpmhr.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [728] 0x10000000
    Library \\?\globalroot\systemroot\system32\gxvxccsdoumbnvtxftklpxbbwsovgvseljbpw.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1716] 0x10000000
    ---- Services - GMER 1.0.15 ----
    Service C:\Windows\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxceiqlntovsbnpcvxuedmetiqykxphpmhr.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxccsdoumbnvtxftklpxbbwsovgvseljbpw.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@FrequencyCorrectRate 4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@PollAdjustFactor 5
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@LargePhaseOffset 50000000
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@SpikeWatchPeriod 900
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@LocalClockDispersion 10
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@HoldPeriod 5
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@PhaseCorrectRate 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@UpdateInterval 360000
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@EventLogFlags 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@AnnounceFlags 10
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@TimeJumpAuditOffset 28800
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@MinPollInterval 10
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@MaxPollInterval 15
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@MaxNegPhaseCorrection 54000
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@MaxPosPhaseCorrection 54000
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@MaxAllowedPhaseOffset 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@Enabled 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@InputProvider 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 86400
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7af10e0???????????
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@Enabled 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@InputProvider 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@ChainDisable 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxceiqlntovsbnpcvxuedmetiqykxphpmhr.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxccsdoumbnvtxftklpxbbwsovgvseljbpw.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxceiqlntovsbnpcvxuedmetiqykxphpmhr.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxccsdoumbnvtxftklpxbbwsovgvseljbpw.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@FrequencyCorrectRate 4
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@PollAdjustFactor 5
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@LargePhaseOffset 50000000
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@SpikeWatchPeriod 900
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@LocalClockDispersion 10
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@HoldPeriod 5
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@PhaseCorrectRate 1
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@UpdateInterval 360000
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@EventLogFlags 2
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@AnnounceFlags 10
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@TimeJumpAuditOffset 28800
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@MinPollInterval 10
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@MaxPollInterval 15
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@MaxNegPhaseCorrection 54000
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@MaxPosPhaseCorrection 54000
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\Config@MaxAllowedPhaseOffset 1
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@Enabled 1
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@InputProvider 1
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 86400
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7af10e0???????????
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@Enabled 0
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@InputProvider 0
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@ChainDisable 0
    Reg HKLM\SYSTEM\ControlSet003\Services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30
    ---- Files - GMER 1.0.15 ----
    File C:\Windows\System32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys 48128 bytes executable <-- ROOTKIT !!!
    File C:\Windows\System32\gxvxccount 4 bytes
    File C:\Windows\System32\gxvxccsdoumbnvtxftklpxbbwsovgvseljbpw.dll 27649 bytes executable
    File C:\Windows\System32\gxvxceiqlntovsbnpcvxuedmetiqykxphpmhr.dll 22529 bytes executable
    ---- EOF - GMER 1.0.15 ----
  • edited July 2009
    Did you see the post I made before you had the GMER log ?
  • edited July 2009
    yes sorry i did but i downloaded Malwarebytes' Anti-Malware but it won't load and it's not letting me download combofix
  • edited July 2009
    i'll keep trying so fingers crossed
  • edited July 2009
    i have them both downloaded but they won't load in safe mode and if i do load my computer in normal and i try to start them then they bring up a message that they have stopped working. ?
  • edited July 2009
    Please delete the copy of Combofix that you have and do the following ...


    Download and Run ComboFix


    Download Combofix from the link below. Save it to your desktop.

    Link 1

    (I have renamed the file)

    Please try the following steps until Combofix (CleanMe.exe) runs. Then post the log.
    STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.


    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    #1
    Try double clicking the renamed file.


    #2
    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

    "%userprofile%\desktop\CleanMe.exe" /killall

    When finished, it shall produce a log for you. Post that log in your next reply.



    #3

    Reboot in safe mode
    You will now need to reboot in safe mode, you will not have internet access whilst you do the next part
    Please copy/paste or print the following instructions.


    You can boot in Safe Mode by restarting your computer, then continually tapping F5 OR F8 until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit enter.

    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

    "%userprofile%\desktop\CleanMe.exe" /killall

    When finished, it shall produce a log for you. Post that log in your next reply.





    If you managed to get Combofix to run, please try running Malwarebytes now and post the log.
  • edited July 2009
    here is the combofix log
    ComboFix 09-07-07.A9 - adam 09/07/2009 1:10.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3070.2447 [GMT 9.5:30]
    Running from: c:\users\adam\Desktop\CleanMe.exe
    AV: BP Security Anti-Virus *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
    FW: BP Security Firewall *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\$recycle.bin\S-1-5-21-2014439561-814355023-1643226353-1000
    c:\$recycle.bin\S-1-5-21-2014439561-814355023-1643226353-1002
    c:\$recycle.bin\S-1-5-21-2014439561-814355023-1643226353-1004
    C:\autorun.inf
    c:\windows\Installer\25fc1.msi
    c:\windows\system32\drivers\gxvxcepvaxtsotyprrwtdmmyoibhrviucnjfp.sys
    c:\windows\system32\gxvxccount
    c:\windows\system32\gxvxccsdoumbnvtxftklpxbbwsovgvseljbpw.dll
    c:\windows\system32\gxvxceiqlntovsbnpcvxuedmetiqykxphpmhr.dll
    D:\autorun.inf
    E:\autorun.inf
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Service_GXVXCSERV.SYS
    \Service_WinDHCPsvc
    \Service_gxvxcserv.sys

    ((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
    .
    2009-07-08 15:44 . 2009-07-08 15:47 -------- d-----w- c:\users\adam\AppData\Local\temp
    2009-07-08 11:32 . 2009-07-08 11:32 -------- d-----w- c:\users\adam\AppData\Local\Apple
    2009-07-08 10:04 . 2009-06-17 01:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-08 10:03 . 2009-07-08 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-08 10:03 . 2009-07-08 10:03 -------- d-----w- c:\progra~2\Malwarebytes
    2009-07-08 10:03 . 2009-06-17 01:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-07 16:42 . 2009-07-07 16:42 -------- d-----w- c:\users\adam\AppData\Local\Adobe
    2009-07-07 15:17 . 2009-07-07 15:18 -------- d-----w- C:\rsit
    2009-07-07 07:23 . 2009-07-07 07:23 -------- d-----w- c:\users\adam\AppData\Roaming\Template
    2009-07-07 06:05 . 2009-07-07 15:18 -------- d-----w- c:\program files\Trend Micro
    2009-06-29 16:54 . 2009-06-29 16:54 -------- d-----w- c:\users\adam\AppData\Local\MigWiz
    2009-06-29 16:03 . 2009-06-29 16:03 -------- d-----w- c:\users\adam\AppData\Roaming\InstallShield
    2009-06-29 15:54 . 2009-06-29 15:54 -------- d-----w- c:\users\adam\AppData\Local\WinZip
    2009-06-29 13:41 . 2009-06-29 13:41 680 ----a-w- c:\users\adam\AppData\Local\d3d9caps.dat
    2009-06-14 15:01 . 2009-06-14 15:01 -------- d-----w- c:\program files\iDump (Freeware)
    2009-06-14 13:29 . 2009-06-14 14:56 3 ----a-w- c:\windows\sbacknt.bin
    2009-06-14 13:26 . 2009-06-14 13:26 152904 ----a-w- c:\windows\system32\vghd.scr
    2009-06-14 13:26 . 2009-06-14 14:56 -------- d-----w- c:\users\adam\AppData\Roaming\vghd
    2009-06-14 09:13 . 2009-06-14 09:13 -------- d-----w- c:\program files\iPod
    2009-06-14 09:13 . 2009-06-14 09:13 -------- d-----w- c:\program files\iTunes
    2009-06-14 07:39 . 2009-06-14 07:39 -------- d-----w- c:\users\adam\AppData\Roaming\Apple Computer
    2009-06-14 07:38 . 2009-06-14 07:38 -------- d-----w- c:\program files\QuickTime
    2009-06-14 07:36 . 2009-06-14 07:39 -------- d-----w- c:\users\adam\AppData\Local\Apple Computer
    2009-06-14 06:44 . 2009-06-28 13:24 -------- d-----w- c:\users\adam\AppData\Roaming\ErrorFix
    2009-06-12 14:59 . 2009-06-12 14:59 70104 ----a-w- c:\users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-12 14:52 . 2009-06-12 14:52 -------- d-----w- c:\users\adam\AppData\Local\Google
    2009-06-12 14:36 . 2009-06-12 14:36 -------- d-----w- c:\program files\Telstra
    2009-06-12 11:45 . 2009-06-12 11:45 -------- d-----w- c:\users\adam\AppData\Local\Telstra_Corporation
    2009-06-10 04:11 . 2009-06-10 04:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Adobe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-07 07:23 . 2009-07-07 07:23 0 ----a-w- c:\users\adam\AppData\Roaming\wklnhst.dat
    2009-06-30 03:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-06-29 16:40 . 2008-03-16 19:20 -------- d-----w- c:\progra~2\NVIDIA
    2009-06-14 09:13 . 2009-02-25 07:52 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-05 02:12 . 2009-06-05 02:12 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-05 02:12 . 2009-06-05 02:12 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-01 06:54 . 2009-06-01 06:19 -------- d-----w- c:\progra~2\Authentium
    2009-06-01 06:43 . 2009-06-01 06:12 -------- d-----w- c:\program files\Common Files\Authentium Shared
    2009-06-01 06:18 . 2009-06-01 06:18 -------- d-----w- c:\program files\Common Files\RuleSpace
    2009-06-01 06:18 . 2009-06-01 06:18 -------- d-----w- c:\program files\Common Files\Aluria
    2009-06-01 06:18 . 2009-06-01 06:18 -------- d-----w- c:\program files\Common Files\Authentium
    2009-06-01 06:18 . 2009-06-01 06:18 -------- d-----w- c:\program files\bigpond
    2009-05-29 14:22 . 2009-05-29 14:22 -------- d-----w- c:\progra~2\15503534
    2009-05-20 13:31 . 2009-03-16 13:33 -------- d-----w- c:\program files\Safari
    2009-05-01 16:38 . 2009-05-01 16:38 9151912 ----a-w- c:\users\Public\PokerStarsInstall.exe
    2009-04-21 03:39 . 2008-03-16 19:45 106496 ----a-w- c:\windows\system32\atl71.dll
    2009-04-21 03:39 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-04-21 03:39 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "BigPond Connection Client"="c:\program files\Telstra\BigPond Connection Client\BigPondCC.exe" [2008-09-30 1328128]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-01-09 113168]
    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-17 535336]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    "RestrictRun"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer7"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
    "{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
    "{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
    "{39863CA9-3184-4F99-9510-39E313EE846B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
    "{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
    "{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
    "{A95B326A-DD98-4550-8653-CE41D482B8FA}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
    "{70441C18-3E53-4EFF-B676-D2C732DCB557}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
    "{26FE9C91-6E60-48BC-B3AA-D79B7C59914D}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{3A374592-FBCD-4F39-ABAB-405F50B0F4AD}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
    "{463C14C7-1B3F-4C00-8180-C1DD64411F7C}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
    "{43D41F44-383A-4F98-84ED-19A25591C420}"= c:\program files\Acer Arcade Live\Acer TV Share\Acer TV Share.exe:Acer TV Share
    "{D8B64F45-86D7-46A0-920E-D7F2FACBF3BA}"= c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.EXE:Acer TV Share Service
    "{010FCD8F-C5A4-48E1-ACE0-3DDD1ADDD644}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C8179CE6-71C0-4080-A41F-4BC5E30B9414}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{9B29818B-073A-4E65-8A93-57284D85EB87}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{3735D828-EB75-45BA-81A4-31B65CFBB755}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [11/04/2008 4:09 AM 39408]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [17/03/2008 5:17 AM 269448]
    R2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [25/02/2009 3:19 PM 269432]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [26/02/2009 12:45 AM 210216]
    R3 authfwco;authfwco;c:\windows\System32\drivers\authfwco.sys [1/06/2009 3:48 PM 22792]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21/06/2008 2:41 AM 43552]
    R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3/04/2007 10:43 AM 1131136]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [17/03/2008 4:33 AM 341504]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.bigpond.com/
    mStart Page = about:blank
    mWindow Title = Microsoft Internet Explorer
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
    .
    **************************************************************************
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files:
    **************************************************************************
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'Explorer.exe'(6068)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    .
    Other Running Processes
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\Ati2evxx.exe
    c:\acer\Empowering Technology\ePerformance\MemCheck.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\bigpond\security\App\syssvcnt.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
    c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\System32\rundll32.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee.com\Agent\mcagent.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\ehome\ehsched.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehrec.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-08 1:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-08 15:49
    Pre-Run: 290,044,710,912 bytes free
    Post-Run: 289,729,392,640 bytes free
    218 --- E O F --- 2009-05-17 08:00
  • edited July 2009
    and here is the Malwarebytes' Anti-Malware logfile
    Malwarebytes' Anti-Malware 1.38
    Database version: 2297
    Windows 6.0.6001 Service Pack 1
    9/07/2009 2:05:11 AM
    mbam-log-2009-07-09 (02-05-11).txt
    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 196852
    Time elapsed: 33 minute(s), 20 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 25
    Files Infected: 420
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\morerelevantadvertisingprogram.morerelevantadvertisingprogram (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\morerelevantadvertisingprogram.morerelevantadvertisingprogram.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{ddbf94da-a3f9-a0a0-b916-33351799ad17} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{74227a16-0fa2-0406-d0ab-28b158dfd4c5} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MoreRelevantAdvertisingProgram.dll (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Program Files\MoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 17-22-400 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 18-13-280 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-15 01-03-490 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-16 01-27-480 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-20 01-40-340 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-21 01-50-200 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-23 21-18-590 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-26 22-59-270 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-28 01-25-390 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-28 22-52-250 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-28 23-55-280 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-29 00-17-030 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
  • edited July 2009
    and here is some more

    c:\Users\adam\AppData\Roaming\ErrorFix\quarantinew\2009-06-29 16-17-030 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\adam\AppData\Roaming\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-23 00-51-080 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    Files Infected:
    c:\program files\morerelevantadvertisingprogram\MoreRelevantAdvertisingProgram.dll (Adware.BHO) -> Quarantined and deleted successfully.
    c:\programdata\15503534\15503534.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    c:\program files\morerelevantadvertisingprogram\uninstall.exe (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
  • edited July 2009
    and the rest
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-174.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-175.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-176.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-177.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-178.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-179.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-180.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-181.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-182.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-183.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-184.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-185.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-186.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-187.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-188.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-189.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-190.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-191.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-192.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-193.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-194.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-195.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-196.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-197.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-198.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-199.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-200.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-201.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-202.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-203.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-204.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-205.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-206.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-207.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-208.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-209.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-210.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-211.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-212.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-213.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-214.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-215.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-216.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-217.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-218.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-219.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-220.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-221.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-222.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-27.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-28.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-29.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-30.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-31.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-32.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-33.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-34.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-35.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-36.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-37.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-38.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-39.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-40.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-41.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-42.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-43.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-44.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-45.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-46.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-47.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-48.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-49.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-50.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-51.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-52.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-53.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-54.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-55.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-56.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-57.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-58.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-59.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-60.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-61.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-62.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-63.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-64.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-65.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-66.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-67.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-68.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-69.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-70.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-71.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-72.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-73.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-74.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-75.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-76.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-77.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-78.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-79.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-80.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-81.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-82.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-83.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-84.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-85.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-86.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-87.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-88.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-89.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-90.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-91.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-92.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-93.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-94.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-95.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-96.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-97.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-98.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-02 13-54-190\regb-99.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\file0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-10.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-11.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-12.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-13.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-14.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-15.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-16.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-17.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-18.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-19.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-2.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-20.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-21.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-22.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-23.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-25.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-26.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-3.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-4.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-5.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-6.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-7.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-8.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-14 01-27-280\regb-9.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-23 00-51-080\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\anyone\AppData\Roaming\ErrorFix\quarantinew\2009-06-23 00-51-080\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\ErrorFix Scan.job (Rogue.ErrorFix) -> Quarantined and deleted successfully.
  • edited July 2009
    WOW !!!
    That shifted a lot :)




    Step 1

    Submit a File For Analysis
    We need to have the files below Scanned by Uploading them/it to Virus Total

    Please visit Virustotal
    Copy/paste the following file path into the window
    c:\windows\System32\drivers\authfwco.sys
    Click Submit/Send File
    Please post back, to let me know the results.

    If Virustotal is too busy please try Jotti



    Step 2

    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • VirusTotal results
    • Kaspersky Log
    • How are things running now ?
  • edited July 2009
    File authfwco.sys received on 2009.07.09 12:50:59 (UTC)

    Antivirus          Version        Last Update  Result
    a-squared          4.5.0.18       2009.07.09   -
    AhnLab-V3          5.0.0.2        2009.07.09   -
    AntiVir            7.9.0.204      2009.07.09   -
    Antiy-AVL          2.0.3.1        2009.07.09   -
    Authentium         5.1.2.4        2009.07.08   -
    Avast              4.8.1335.0     2009.07.08   -
    AVG                8.5.0.386      2009.07.09   -
    BitDefender        7.2            2009.07.09   -
    CAT-QuickHeal      10.00          2009.07.09   -
    ClamAV             0.94.1         2009.07.09   -
    Comodo             1592           2009.07.09   -
    DrWeb              5.0.0.12182    2009.07.09   -
    eSafe              7.0.17.0       2009.07.09   -
    eTrust-Vet         31.6.6606      2009.07.09   -
    F-Prot             4.4.4.56       2009.07.08   -
    F-Secure           8.0.14470.0    2009.07.09   -
    Fortinet           3.117.0.0      2009.07.03   -
    GData              19             2009.07.09   -
    Ikarus             T3.1.1.64.0    2009.07.09   -
    Jiangmin           11.0.706       2009.07.09   -
    K7AntiVirus        7.10.787       2009.07.08   -
    Kaspersky          7.0.0.125      2009.07.09   -
    McAfee             5670           2009.07.08   -
    McAfee+Artemis     5670           2009.07.08   -
    McAfee-GW-Edition  6.8.5          2009.07.09   -
    Microsoft          1.4803         2009.07.09   -
    NOD32              4228           2009.07.09   -
    Norman             6.01.09        2009.07.08   -
    nProtect           2009.1.8.0     2009.07.09   -
    Panda              10.0.0.14      2009.07.08   -
    PCTools            4.4.2.0        2009.07.09   -
    Prevx              3.0            2009.07.09   -
    Rising             21.37.34.00    2009.07.09   -
    Sophos             4.43.0         2009.07.09   -
    Sunbelt            3.2.1858.2     2009.07.09   -
    Symantec           1.4.4.12       2009.07.09   -
    TheHacker          6.3.4.3.363    2009.07.08   -
    TrendMicro         8.950.0.1094   2009.07.09   -
    VBA32              3.12.10.7      2009.07.09   -
    ViRobot            2009.7.9.1827  2009.07.09   -
    VirusBuster        4.6.5.0        2009.07.08   -

    Additional information
    File size: 22792 bytes
    MD5...: c5b534991a5bbf63e84a45e3349977a4
    SHA1..: e68884d763be5d23ab3aab0d35418aea05caf00d
    SHA256: 8d32e8573679f7bd72ee0e58827a310bd0d177444ce016735e545111ba634713
    ssdeep: 384:pOye+Ioy6h/OfsWFbtq4SjzV6yelLT55LLYJLWdnRbjU:i0hGfrFpq4DrLl5eLsRbjU
    PEiD..: -
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x6005
    timedatestamp.....: 0x4741a549 (Mon Nov 19 15:01:29 2007)
    machinetype.......: 0x14c (I386)

    ( 6 sections )
    name    viradd  virsiz  rawdsiz  ntrpy  md5
    .text   0x1000  0x29b5  0x2a00   5.77   e2f908bb7c8bbda1cc93380bfd1ad156
    .rdata  0x4000  0x228   0x400    2.78   905fa79bac30bf19e841f53461507776
    .data   0x5000  0x4f4   0x200    0.26   548ad5742b1fc67712094cd256bb3f3d
    INIT    0x6000  0x730   0x800    4.95   7c9ea770e32751829f6f01bcd1caba35
    .rsrc   0x7000  0x368   0x400    2.91   75edd5732288264acfc65baede699d31
    .reloc  0x8000  0x3fa   0x400    4.94   bf32fc475e821e0785793e8516c2f863

    ( 4 imports )
    > ntoskrnl.exe: RtlCompareMemory, KeSetEvent, KeQuerySystemTime, IoAllocateMdl, DbgPrint, DbgPrintEx, KeInsertQueueDpc, MmMapLockedPages, KeTickCount, KeBugCheckEx, RtlUnwind, IoFreeMdl, memcpy, RtlAssert, KeGetCurrentThread, ExEventObjectType, ObReferenceObjectByHandle, KeClearEvent, ObfDereferenceObject, InterlockedPushEntrySList, InterlockedPopEntrySList, memset, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, ExFreePoolWithTag, ExAllocatePoolWithTag, ZwClose, IofCompleteRequest, RtlInitUnicodeString, IoCreateDevice, KeInitializeDpc, IoCreateSymbolicLink, IoDeleteSymbolicLink, MmBuildMdlForNonPagedPool, IoDeleteDevice
    > HAL.dll: KeGetCurrentIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeQueryPerformanceCounter
    > NDIS.SYS: NdisFreeGenericObject, NdisFreeNetBufferListPool, NdisAllocateNetBufferListPool, NdisAllocateGenericObject, NdisAdvanceNetBufferDataStart, NdisGetDataBuffer, NdisRetreatNetBufferDataStart
    > fwpkclnt.sys: FwpsInjectionHandleDestroy0, FwpsInjectionHandleCreate0, FwpsCalloutRegister0, FwpsCalloutUnregisterById0, FwpsCopyStreamDataToBuffer0, FwpsQueryPacketInjectionState0, FwpsAllocateCloneNetBufferList0, FwpsFreeNetBufferList0, FwpsStreamInjectAsync0, FwpsAllocateNetBufferAndNetBufferList0, FwpsFreeCloneNetBufferList0, FwpsInjectTransportReceiveAsync0, FwpsInjectTransportSendAsync0

    ( 0 exports )
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
  • edited July 2009

    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Friday, July 10, 2009
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Thursday, July 09, 2009 12:59:55
    Records in database: 2449369
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - Critical Areas:
    C:\Program Files
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    C:\Windows
    Scan statistics:
    Files scanned: 108097
    Threat name: 1
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 00:49:35

    File name / Threat name / Threats count
    C:\Windows\system\cncs32.dll Infected: Trojan-Banker.Win32.Banker.afwk 1
    C:\Windows\System32\cncs32.dll Infected: Trojan-Banker.Win32.Banker.afwk 1
    The selected area was scanned.
  • edited July 2009
    How are things running now ?


    Submit a File For Analysis
    We need to have the files below Scanned by Uploading them/it to Virus Total

    Please visit Virustotal
    Copy/paste the following file path into the window
    C:\Windows\system\cncs32.dll
    Click Submit/Send File
    Please post back, to let me know the results.

    Please do the same for the following file
    C:\Windows\System32\cncs32.dll

    If Virustotal is too busy please try Jotti
  • edited July 2009
    File cncs32.dll received on 2009.07.10 14:02:46 (UTC)
    Antivirus | Version | Last Update | Result
    a-squared | 4.5.0.18 | 2009.07.10 | -
    AhnLab-V3 | 5.0.0.2 | 2009.07.10 | Win-Trojan/Banker.172032.D
    AntiVir | 7.9.0.204 | 2009.07.10 | -
    Antiy-AVL | 2.0.3.1 | 2009.07.10 | -
    Authentium | 5.1.2.4 | 2009.07.09 | -
    Avast | 4.8.1335.0 | 2009.07.09 | -
    AVG | 8.5.0.387 | 2009.07.10 | -
    BitDefender | 7.2 | 2009.07.10 | -
    CAT-QuickHeal | 10.00 | 2009.07.10 | TrojanBanker.Banker.afwk
    ClamAV | 0.94.1 | 2009.07.10 | -
    Comodo | 1604 | 2009.07.10 | -
    DrWeb | 5.0.0.12182 | 2009.07.10 | -
    eSafe | 7.0.17.0 | 2009.07.09 | -
    eTrust-Vet | 31.6.6607 | 2009.07.10 | -
    F-Prot | 4.4.4.56 | 2009.07.09 | -
    F-Secure | 8.0.14470.0 | 2009.07.10 | Trojan-Banker.Win32.Banker.afwk
    Fortinet | 3.117.0.0 | 2009.07.03 | -
    GData | 19 | 2009.07.10 | -
    Ikarus | T3.1.1.64.0 | 2009.07.10 | -
    Jiangmin | 11.0.706 | 2009.07.09 | TrojanSpy.Banker.uwu
    K7AntiVirus | 7.10.788 | 2009.07.09 | -
    Kaspersky | 7.0.0.125 | 2009.07.10 | Trojan-Banker.Win32.Banker.afwk
    McAfee | 5671 | 2009.07.09 | -
    McAfee+Artemis | 5671 | 2009.07.09 | -
    McAfee-GW-Edition | 6.8.5 | 2009.07.10 | Heuristic.LooksLike.Sophos MalGeneric-A.H
    Microsoft | 1.4803 | 2009.07.10 | -
    NOD32 | 4232 | 2009.07.10 | -
    Norman | 6.01.09 | 2009.07.09 | -
    nProtect | 2009.1.8.0 | 2009.07.10 | Trojan-Spy/W32.Banker.172032.C
    Panda | 10.0.0.14 | 2009.07.09 | -
    PCTools | 4.4.2.0 | 2009.07.10 | -
    Prevx | 3.0 | 2009.07.10 | -
    Rising | 21.37.44.00 | 2009.07.10 | -
    Sophos | 4.43.0 | 2009.07.10 | -
    Sunbelt | 3.2.1858.2 | 2009.07.10 | -
    Symantec | 1.4.4.12 | 2009.07.10 | -
    TheHacker | 6.3.4.3.363 | 2009.07.08 | -
    TrendMicro | 8.950.0.1094 | 2009.07.10 | -
    VBA32 | 3.12.10.8 | 2009.07.10 | -
    ViRobot | 2009.7.10.1829 | 2009.07.10 | -
    VirusBuster | 4.6.5.0 | 2009.07.09 | Trojan.PWS.Banker.BSOL
  • edited July 2009
    File cncs32.dll received on 2009.07.10 14:10:54 (UTC)
    Current status: finished
    Result: 8/41 (19.51%)

    Antivirus | Version | Last Update | Result
    a-squared | 4.5.0.18 | 2009.07.10 | -
    AhnLab-V3 | 5.0.0.2 | 2009.07.10 | Win-Trojan/Banker.172032.D
    AntiVir | 7.9.0.204 | 2009.07.10 | -
    Antiy-AVL | 2.0.3.1 | 2009.07.10 | -
    Authentium | 5.1.2.4 | 2009.07.09 | -
    Avast | 4.8.1335.0 | 2009.07.09 | -
    AVG | 8.5.0.387 | 2009.07.10 | -
    BitDefender | 7.2 | 2009.07.10 | -
    CAT-QuickHeal | 10.00 | 2009.07.10 | TrojanBanker.Banker.afwk
    ClamAV | 0.94.1 | 2009.07.10 | -
    Comodo | 1604 | 2009.07.10 | -
    DrWeb | 5.0.0.12182 | 2009.07.10 | -
    eSafe | 7.0.17.0 | 2009.07.09 | -
    eTrust-Vet | 31.6.6607 | 2009.07.10 | -
    F-Prot | 4.4.4.56 | 2009.07.09 | -
    F-Secure | 8.0.14470.0 | 2009.07.10 | Trojan-Banker.Win32.Banker.afwk
    Fortinet | 3.117.0.0 | 2009.07.03 | -
    GData | 19 | 2009.07.10 | -
    Ikarus | T3.1.1.64.0 | 2009.07.10 | -
    Jiangmin | 11.0.706 | 2009.07.09 | TrojanSpy.Banker.uwu
    K7AntiVirus | 7.10.788 | 2009.07.09 | -
    Kaspersky | 7.0.0.125 | 2009.07.10 | Trojan-Banker.Win32.Banker.afwk
    McAfee | 5671 | 2009.07.09 | -
    McAfee+Artemis | 5671 | 2009.07.09 | -
    McAfee-GW-Edition | 6.8.5 | 2009.07.10 | Heuristic.LooksLike.Sophos MalGeneric-A.H
    Microsoft | 1.4803 | 2009.07.10 | -
    NOD32 | 4232 | 2009.07.10 | -
    Norman | 6.01.09 | 2009.07.09 | -
    nProtect | 2009.1.8.0 | 2009.07.10 | Trojan-Spy/W32.Banker.172032.C
    Panda | 10.0.0.14 | 2009.07.09 | -
    PCTools | 4.4.2.0 | 2009.07.10 | -
    Prevx | 3.0 | 2009.07.10 | -
    Rising | 21.37.44.00 | 2009.07.10 | -
    Sophos | 4.43.0 | 2009.07.10 | -
    Sunbelt | 3.2.1858.2 | 2009.07.10 | -
    Symantec | 1.4.4.12 | 2009.07.10 | -
    TheHacker | 6.3.4.3.363 | 2009.07.08 | -
    TrendMicro | 8.950.0.1094 | 2009.07.10 | -
    VBA32 | 3.12.10.8 | 2009.07.10 | -
    ViRobot | 2009.7.10.1829 | 2009.07.10 | -
    VirusBuster | 4.6.5.0 | 2009.07.09 | Trojan.PWS.Banker.BSOL

     
     
  • edited July 2009
    Well, it's been a day or two and no blue screen errors, so far so good. I'm running scans to remove the spyware that is found now and it looks to be working. So what do you think?
  • edited July 2009
    I think we need a closer look at those two files


    Upload a File
    Download suspicious file packer from here

    Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

    C:\Windows\system\cncs32.dll
    C:\Windows\System32\cncs32.dll


    Go to spykiller

    Please start a new thread Titled File/s for Katana and give the following information
    • Name:-- Your name
    • E-mail:-- Your E-mail (this is confidential and will not be displayed)
    • Subject:-- File for Katana

    In the main text window please put the following link
    http://icrontic.com/forum/showthread.php?p=696603#post696603
    
    you may also add any comments you wish
    then press attach and upload the zip/cab file that was created.

    Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
    You DO NOT need to be a member to upload, anybody can upload the files


    You can now delete SFP (exe and Zip) along with the .cab file that was created

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      :dir
      C:\Windows\system
      :file
      C:\Windows\system\cncs32.dll
      C:\Windows\System32\cncs32.dll
      :filefind
      cncs32.dll
      :regfind
      cncs32.dll
      :comment
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • Link to your SpyKiller thread
    • SystemLook log
  • edited July 2009
    SystemLook v1.0 by jpshortstuff (22.05.09)
    Log created at 00:29 on 11/07/2009 by adam (Administrator - Elevation successful)
    ========== dir ==========
    C:\Windows\system - Parameters: "(none)"
    ---Files---
    avicap.dll --a--- 69584 bytes [12:34 02/11/2006] [12:34 02/11/2006]
    avifile.dll --a--- 109456 bytes [12:34 02/11/2006] [12:34 02/11/2006]
    Cncres.dll --a--- 419936 bytes [06:11 05/10/2003] [06:11 05/10/2003]
    Cncres32.dll --a--- 534528 bytes [06:11 05/10/2003] [06:11 05/10/2003]
    CNCS.dll --a--- 133088 bytes [06:11 05/10/2003] [06:11 05/10/2003]
    Cncs232.dll --a--- 280064 bytes [06:11 05/10/2003] [06:11 05/10/2003]
    cncs32.dll --a--- 172032 bytes [02:43 17/06/2003] [02:43 17/06/2003]
    COMMDLG.DLL --a--- 32816 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    keyboard.drv --a--- 2000 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    lzexpand.dll --a--- 9936 bytes [06:25 02/11/2006] [21:43 18/09/2006]
    mciavi.drv --a--- 73376 bytes [12:34 02/11/2006] [12:34 02/11/2006]
    mciseq.drv --a--- 25264 bytes [12:34 02/11/2006] [12:34 02/11/2006]
    mciwave.drv --a--- 28160 bytes [12:34 02/11/2006] [12:34 02/11/2006]
    MMSYSTEM.DLL --a--- 68992 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    mmtask.tsk --a--- 1152 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    mouse.drv --a--- 2032 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    msvideo.dll --a--- 126912 bytes [12:34 02/11/2006] [12:34 02/11/2006]
    olecli.dll --a--- 82944 bytes [06:25 02/11/2006] [21:43 18/09/2006]
    OLESVR.DLL --a--- 24064 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    SHELL.DLL --a--- 5120 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    sound.drv --a--- 1744 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    stdole.tlb --a--- 5532 bytes [07:29 02/11/2006] [21:35 18/09/2006]
    system.drv --a--- 3360 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    TIMER.DRV --a--- 4048 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    ver.dll --a--- 9008 bytes [06:25 02/11/2006] [21:43 18/09/2006]
    vga.drv --a--- 2176 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    WFWNET.DRV --a--- 12704 bytes [07:10 02/11/2006] [07:10 02/11/2006]
    ---Folders---
    None found.
    ========== file ==========
    C:\Windows\system\cncs32.dll - File found and opened.
    MD5: F9FB7512A032B3B1AEED929F16FCAD49
    Created at 02:43 on 17/06/2003
    Modified at 02:43 on 17/06/2003
    Size: 172032 bytes
    Attributes: --a---
    FileDescription: MFX / TGF Graphic Library
    InternalName: cncs32.dll
    CompanyName: Europress Software
    LegalCopyright: Copyright © Clickteam & Europress Software 1996-1999
    C:\Windows\System32\cncs32.dll - File found and opened.
    MD5: F9FB7512A032B3B1AEED929F16FCAD49
    Created at 02:43 on 17/06/2003
    Modified at 02:43 on 17/06/2003
    Size: 172032 bytes
    Attributes: --a---
    FileDescription: MFX / TGF Graphic Library
    InternalName: cncs32.dll
    CompanyName: Europress Software
    LegalCopyright: Copyright © Clickteam & Europress Software 1996-1999
    ========== filefind ==========
    Searching for "cncs32.dll"
    C:\Windows\System32\cncs32.dll --a--- 172032 bytes [02:43 17/06/2003] [02:43 17/06/2003] F9FB7512A032B3B1AEED929F16FCAD49
    C:\Windows\system\cncs32.dll --a--- 172032 bytes [02:43 17/06/2003] [02:43 17/06/2003] F9FB7512A032B3B1AEED929F16FCAD49
    ========== regfind ==========
    Searching for "cncs32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2014439561-814355023-1643226353-1001\Components\1B48501683E6DDA4D9DC46A841A869AD]
    ""0724C0A5BDFD86B44A246B9614183560""=="D?\cncs32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2014439561-814355023-1643226353-1001\Components\54E89DD6021128A419C993AEADBD75D4]
    ""0724C0A5BDFD86B44A246B9614183560""=="D?\Program Files\Dream soft\Pokemon Light\cncs32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2014439561-814355023-1643226353-1001\Components\89BFA82EAF34B2B4D8AF6E8CC6527C39]
    ""0724C0A5BDFD86B44A246B9614183560""=="C?\Windows\system\cncs32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2014439561-814355023-1643226353-1001\Components\9B3383FADBCADDA4CB20D2EFA290AB34]
    ""0724C0A5BDFD86B44A246B9614183560""=="D?\Program Files\Dream soft\win ginx\cncs32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2014439561-814355023-1643226353-1001\Components\C45E16414ABEBCA40A88916F69CB7469]
    ""0724C0A5BDFD86B44A246B9614183560""=="C?\Windows\system32\cncs32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2014439561-814355023-1643226353-1001\Components\CBCE996115AEE304EA2003EE7D331C4F]
    ""0724C0A5BDFD86B44A246B9614183560""=="D?\Program Files\Dream soft\agemanagementsystem\cncs32.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2014439561-814355023-1643226353-1001\Components\EB6342D040F0977449C1479ED94165A3]
    ""0724C0A5BDFD86B44A246B9614183560""=="D?\Program Files\Dream soft\xspf\cncs32.dll"
    -=End Of File=-
  • edited July 2009
    Is this what you wanted when you said link to my spykiller thread?
    http://thespykiller.co.uk/index.php/topic,8579.msg34349.html#msg34349
  • edited July 2009
    Thanks for those files, unfortunately I am more confused now than I was before.

    The files "appear" to be legitimate, they are the right size, date, and have the correct Company info.
    BUT .....

    Eight different virus scanners say they are password stealers, and there is no info on the MD5 checksums.

    They look to have been created in 2003 on your machine, and seem to be game related.
    I think that to be on the safe side we should move those files to a different folder.
    If you find that something doesn't run properly, then we can just move them back.

    Create A Batch File
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
    Save it as "All Files" and name it Move.bat Please save it on your desktop.
    @Echo Off
    for %%G in (
    C:\Windows\system\cncs32.dll
    C:\Windows\system32\cncs32.dll
    ) do (
    attrib -r -a -s -h "%%G"
    If exist "%%G" md "C:\MovedFiles\%%~pG"&Move "%%G" "C:\MovedFiles\%%~pG"
    )
    @ (
    Echo. Suspect files moved by Katana
    Echo. If there are any problems these files can just be returned to their respective Windows folder
    Echo. or contact Katana at Icrontic forums
    ) >> "C:\MovedFiles\ReadMe.txt"
    Dir /l/a/b/s "C:\MovedFiles" >> "%temp%\log.txt"
    notepad "%temp%\log.txt"
    del /q %0
    exit
    Right Click >> Run As Admin on Move.bat

    Notepad will open, please copy/paste the results here.
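
The move-aside step above, with a record that makes "just move them back" checkable: an added example, not part of Katana's post or of any tool used in this thread. The `manifest.json` name and all function names are assumptions; the layout under the quarantine folder mirrors what `%%~pG` produces in the batch file.

```python
import hashlib
import json
import shutil
from collections import defaultdict
from pathlib import Path

MANIFEST = "manifest.json"  # assumed file name, not something the thread uses


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _load(root):
    manifest = Path(root) / MANIFEST
    return json.loads(manifest.read_text()) if manifest.exists() else []


def _save(root, entries):
    Path(root).mkdir(parents=True, exist_ok=True)
    (Path(root) / MANIFEST).write_text(json.dumps(entries, indent=2))


def quarantine(paths, root):
    """Move each existing file under root, keeping its directory layout,
    and record the original path, size and hash of every file moved."""
    root = Path(root)
    entries = _load(root)
    for src in (Path(p).resolve() for p in paths):
        if not src.is_file():
            continue  # already moved or never present: nothing to do
        dest = root / src.relative_to(src.anchor)  # drop the "C:\" or "/" part
        if dest.exists():
            raise FileExistsError(f"{dest} is already in quarantine")
        dest.parent.mkdir(parents=True, exist_ok=True)
        entry = {"original": str(src), "stored": str(dest),
                 "size": src.stat().st_size, "sha256": sha256_of(src)}
        shutil.move(str(src), str(dest))
        entries.append(entry)
        _save(root, entries)  # write after every move so a crash loses nothing
    return entries


def identical_copies(entries):
    """Group quarantined files by hash. A group of two or more is one file
    stored in several places, as with the two cncs32.dll copies here."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["sha256"]].append(e["original"])
    return [sorted(v) for v in groups.values() if len(v) > 1]


def restore(root):
    """Move files back. Refuse when the stored bytes no longer match the
    manifest or when something has reappeared at the original path."""
    restored, refused, keep = [], [], []
    for e in _load(root):
        stored, original = Path(e["stored"]), Path(e["original"])
        if not stored.is_file():
            reason = "missing from quarantine"
        elif sha256_of(stored) != e["sha256"]:
            reason = "hash mismatch"
        elif original.exists():
            reason = "original path occupied"
        else:
            original.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(stored), str(original))
            restored.append(e["original"])
            continue
        refused.append((e["original"], reason))
        keep.append(e)  # refused entries stay listed for later review
    _save(root, keep)
    return restored, refused
```

A file reappearing at the original path while its copy sits in quarantine is worth noting in itself, which is why `restore` reports it instead of overwriting.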
  • edited July 2009
    c:\movedfiles\readme.txt
    c:\movedfiles\windows
    c:\movedfiles\windows\system
    c:\movedfiles\windows\system32
    c:\movedfiles\windows\system\cncs32.dll
    c:\movedfiles\windows\system32\cncs32.dll
  • edited July 2009
    Just thought I'd let you know I bought this computer new 5 months ago.
  • edited July 2009
    So if this problem is from before then it would be great to know.
  • edited July 2009
    The file date could be from when they were created by the company.

    Do you know anything about these ?

    Program Files\Dream soft\Pokemon Light
    Program Files\Dream soft\win ginx
    Program Files\Dream soft


    The files look to be related.
    Have you ever installed these, or were they pre-installed and you removed them ?