Yesterday, I tried to get online and started getting all these messages from Antivir Solutions Pro (did not download to computer) that my computer was infected. Couldn't run AVG, couldn't get online, couldn't do anything. I finally went to safe mode and did a system restore. Now the AVG is totally not even loading. Internet will only work if I turn off the add-ons. I am running Windows Vista Home. Not my laptop, but I share with a friend. I had already downloaded Avira Antivir Personal before I found this site, so I may have added to my problem.
Root Repeal:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/08/01 09:54
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E8E8000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E8DD000 Size: 45056 File Visible: No Signed: -
Status: -
Name: rootrepeal[1].sys
Image Path: C:\Windows\system32\drivers\rootrepeal[1].sys
Address: 0x9CD06000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1600 Status: Locked to the Windows API!
==EOF==
Log text:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Debra at 2010-08-01 09:48:06
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 96 GB (64%) free of 151 GB
Total RAM: 893 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:57 AM, on 8/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Common Files\aol\1209413314\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Debra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HS7R7PV2\RSIT[1].exe
C:\Program Files\trend micro\Debra.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2644241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 - Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 - Hosts: 69.10.51.38 reviews.download.com
O1 - Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 - Hosts: 69.10.51.38 reviews.techradar.com
O1 - Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 - Hosts: 69.10.51.38 www.reevoo.com
O1 - Hosts: 69.10.51.38 toptenreviews.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209413314\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [37465982736455] C:\ProgramData\gwr\mradll.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE /UNINSTALL
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [69387646557683] C:\ProgramData\gwr\wsn.bat
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://download.cnet.com
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://image.jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD55E21-021A-4983-9CAE-6A5BE8FEADF0}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12599 bytes
======Scheduled tasks folder======
C:\Windows\tasks\RegTool Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}]
Oryte Games 1.13 Toolbar - C:\Program Files\Oryte_Games_1.13\tbOryt.dll [2010-06-13 2734688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - Oryte Games 1.13 Toolbar - C:\Program Files\Oryte_Games_1.13\tbOryt.dll [2010-06-13 2734688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-09-11 180224]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-25 4444160]
"NDSTray.exe"=NDSTray.exe []
"HWSetup"=\HWSetup.exe hwSetUP []
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-23 438272]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-03-22 448632]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-04-26 538744]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2005-05-23 90112]
"HostManager"=C:\Program Files\Common Files\AOL\1209413314\ee\AOLSoftware.exe [2006-09-25 50736]
"Skytel"=C:\Windows\Skytel.exe [2007-04-13 1822720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"37465982736455"=C:\ProgramData\gwr\mradll.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
""= []
"Korean IME Migration"=C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [2006-10-26 26400]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-12 2065760]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=TOSCDSPD.EXE []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"69387646557683"=C:\ProgramData\gwr\wsn.bat [2009-08-07 49]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-01 09:48:09 ----D---- C:\Program Files\trend micro
2010-08-01 09:48:06 ----D---- C:\rsit
2010-08-01 09:10:24 ----D---- C:\Users\Debra\AppData\Roaming\Avira
2010-08-01 09:08:34 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-08-01 09:08:31 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-08-01 09:08:31 ----A---- C:\Windows\system32\drivers\avgntmgr.sys
2010-08-01 09:08:31 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-08-01 09:08:31 ----A---- C:\Windows\system32\drivers\avgntdd.sys
2010-08-01 09:08:26 ----D---- C:\ProgramData\Avira
2010-08-01 09:08:26 ----D---- C:\Program Files\Avira
2010-07-31 21:53:28 ----ASH---- C:\hiberfil.sys
2010-07-22 00:16:27 ----D---- C:\ProgramData\AVS4YOU
2010-07-22 00:16:08 ----D---- C:\Users\Debra\AppData\Roaming\AVS4YOU
2010-07-22 00:14:20 ----D---- C:\Program Files\Common Files\AVSMedia
2010-07-22 00:14:20 ----A---- C:\Windows\system32\mfc70.dll
2010-07-22 00:14:17 ----A---- C:\Windows\system32\msvcp70.dll
2010-07-22 00:14:16 ----A---- C:\Windows\system32\msxml3a.dll
2010-07-22 00:14:14 ----D---- C:\Program Files\AVS4YOU
2010-07-20 15:25:46 ----A---- C:\Windows\system32\drivers\seehcri.sys
2010-07-20 15:19:01 ----D---- C:\Program Files\Sony Ericsson
2010-07-19 15:20:49 ----D---- C:\Users\Debra\AppData\Roaming\Apple Computer
2010-07-19 15:18:00 ----A---- C:\Windows\system32\GEARAspi.dll
2010-07-19 15:17:59 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2010-07-19 15:15:39 ----D---- C:\Program Files\iPod
2010-07-19 15:15:20 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-19 15:15:20 ----D---- C:\Program Files\iTunes
2010-07-19 13:08:57 ----D---- C:\Program Files\QuickTime
2010-07-19 13:08:56 ----D---- C:\ProgramData\Apple Computer
2010-07-19 13:07:29 ----D---- C:\Program Files\Apple Software Update
2010-07-19 13:01:19 ----D---- C:\Program Files\Bonjour
2010-07-19 13:01:02 ----D---- C:\ProgramData\Apple
2010-07-19 13:01:02 ----D---- C:\Program Files\Common Files\Apple
2010-07-18 09:55:52 ----D---- C:\ProgramData\McAfee Security Scan
2010-07-18 09:55:46 ----D---- C:\Program Files\McAfee Security Scan(1)
2010-07-18 09:55:46 ----D---- C:\Program Files\McAfee Security Scan
2010-07-18 08:53:45 ----D---- C:\Users\Debra\AppData\Roaming\Mozilla
2010-07-18 08:52:50 ----D---- C:\Program Files\Mozilla Firefox
2010-07-15 19:40:46 ----D---- C:\denny
2010-07-13 23:21:03 ----D---- C:\e848a4ed68a812ec3b
2010-07-12 19:36:20 ----D---- C:\Program Files\Conduit
2010-07-12 19:36:17 ----D---- C:\Program Files\Oryte_Games_1.13
2010-07-12 18:46:27 ----A---- C:\Windows\system32\avgrsstx.dll
2010-07-12 18:46:27 ----A---- C:\Windows\system32\avgrsstx(145).dll
2010-07-12 18:46:24 ----A---- C:\Windows\system32\drivers\avgtdix.sys
2010-07-12 18:46:13 ----A---- C:\Windows\system32\drivers\avgldx86.sys
2010-07-12 18:46:10 ----A---- C:\Windows\system32\drivers\avgmfx86.sys
2010-07-12 18:46:04 ----D---- C:\Windows\system32\drivers\Avg
2010-07-12 18:42:48 ----D---- C:\Program Files\AVG(0)
2010-07-12 18:42:48 ----D---- C:\Program Files\AVG
2010-07-12 18:42:21 ----D---- C:\ProgramData\avg9(167)
2010-07-12 18:42:21 ----D---- C:\ProgramData\avg9
2010-07-11 14:08:45 ----N---- C:\Windows\system32\MpSigStub.exe
======List of files/folders modified in the last 1 months======
2010-08-01 09:48:56 ----D---- C:\Windows\Temp
2010-08-01 09:48:09 ----RD---- C:\Program Files
2010-08-01 09:13:51 ----SHD---- C:\System Volume Information
2010-08-01 09:08:34 ----D---- C:\Windows\system32\drivers
2010-08-01 09:08:26 ----HD---- C:\ProgramData
2010-08-01 09:06:06 ----SHD---- C:\Windows\Installer
2010-08-01 09:06:05 ----D---- C:\Windows\winsxs
2010-08-01 08:23:27 ----D---- C:\Windows\system32\wbem
2010-08-01 08:23:27 ----D---- C:\Windows
2010-08-01 08:22:35 ----D---- C:\Windows\system32\config
2010-08-01 08:22:17 ----D---- C:\Windows\Tasks
2010-08-01 08:22:17 ----D---- C:\Windows\system32\spool
2010-08-01 08:22:17 ----D---- C:\Windows\system32\Msdtc
2010-08-01 08:22:17 ----D---- C:\Windows\system32\drivers\etc
2010-08-01 08:22:17 ----D---- C:\Windows\system32\CodeIntegrity
2010-08-01 08:22:17 ----D---- C:\Windows\system32\catroot2
2010-08-01 08:22:17 ----D---- C:\Windows\inf
2010-08-01 08:22:17 ----AD---- C:\Windows\System32
2010-08-01 08:22:07 ----D---- C:\Windows\registration
2010-07-31 21:25:00 ----D---- C:\Windows\tracing
2010-07-31 19:56:08 ----D---- C:\Windows\Prefetch
2010-07-31 18:09:05 ----SD---- C:\Users\Debra\AppData\Roaming\Microsoft
2010-07-31 17:36:37 ----D---- C:\Windows\Logs
2010-07-22 00:14:20 ----D---- C:\Program Files\Common Files
2010-07-20 15:41:03 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-20 15:28:08 ----D---- C:\Windows\system32\catroot
2010-07-20 15:12:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-19 15:17:58 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-19 13:11:21 ----D---- C:\Program Files\Internet Explorer
2010-07-19 13:08:19 ----D---- C:\Windows\system32\Tasks
2010-07-18 09:55:52 ----D---- C:\ProgramData\McAfee
2010-07-14 18:13:24 ----D---- C:\ProgramData\gwr
2010-07-13 23:25:34 ----D---- C:\Program Files\Windows Mail
2010-07-13 23:24:57 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-12 17:07:40 ----D---- C:\Users\Debra\AppData\Roaming\HpUpdate
2010-07-08 13:26:55 ----D---- C:\Windows\system32\WDI
2010-07-08 11:31:07 ----SD---- C:\Windows\Downloaded Program Files
2010-07-08 10:59:38 ----D---- C:\Users\Debra\AppData\Roaming\GetRightToGo
2010-07-02 15:39:05 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19456]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 285184]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2006-10-06 16768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-07-12 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-12 243024]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 694784]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 2590720]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-25 1771944]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 67072]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-07-20 27632]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2006-11-30 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2006-11-02 53504]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2006-10-28 40960]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\drivers\TpChoice.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-02-14 216320]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2005-09-27 207104]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-25 593920]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-04-27 114688]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-12 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2007-12-24 87288]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
Info text:
info.txt logfile of random's system information tool 1.08 2010-08-01 09:49:08
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{AF394614-1998-4182-98B5-4EBFA9633ED2}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5-->C:\Program Files\HP\Digital Imaging\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}\setup\hpzscr01.exe -datfile hposcr37.dat -onestop -forcereboot
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{787D1A33-A97B-4245-87C0-7174609A540C}
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
Oryte Games 1.13 Toolbar-->C:\PROGRA~1\ORYTE_~1.13\UNWISE.EXE /U C:\PROGRA~1\ORYTE_~1.13\INSTALL.LOG
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Ulead CD & DVD PictureShow 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F6199F9-9BED-4B43-9E5C-8495086EE714}\setup.exe" -l0x9
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
======Hosts File======
69.10.51.38 a1.review.zdnet.com
69.10.51.38 d1.reviews.cnet.com
69.10.51.38 reviews.riverstreams.co.uk
69.10.51.38 reviews.download.com
69.10.51.38 review.2009softwarereviews.com
69.10.51.38 reviews.pcmag.com
69.10.51.38 reviews.pcadvisor.co.uk
69.10.51.38 reviews.techradar.com
69.10.51.38 reviews.pcpro.co.uk
69.10.51.38 www.reevoo.com
======Security center information======
AS: Windows Defender (disabled) (outdated)
======System event log======
Computer Name: Debra-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Unknown Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 3
Transaction Type: N/A
Processor Participation: N/A
Request Type: N/A
Memory/Io: N/A
Memory Hierarchy Level: N/A
Timeout: N/A
Record Number: 155792
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20091218230111.930400-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Debra-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Unknown Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 2
Transaction Type: N/A
Processor Participation: N/A
Request Type: N/A
Memory/Io: N/A
Memory Hierarchy Level: N/A
Timeout: N/A
Record Number: 155790
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20091218230012.650400-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Debra-PC
Event Code: 19
Message: A corrected hardware error occurred.
Error Source: Corrected Machine Check
Error Type: Unknown Error
Processor ID Valid: Yes
Processor ID: 0x1
Bank Number: 0
Transaction Type: N/A
Processor Participation: N/A
Request Type: N/A
Memory/Io: N/A
Memory Hierarchy Level: N/A
Timeout: N/A
Record Number: 155787
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20091218225938.673600-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Debra-PC
Event Code: 7000
Message: The McAfee Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 155724
Source Name: Service Control Manager
Time Written: 20091218082735.000000-000
Event Type: Error
User:
Computer Name: Debra-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
Record Number: 155723
Source Name: Service Control Manager
Time Written: 20091218082735.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Debra-PC
Event Code: 6006
Message: The winlogon notification subscriber <TrustedInstaller> took 85 second(s) to handle the notification event (CreateSession).
Record Number: 1480
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070807141650.000000-000
Event Type: Warning
User:
Computer Name: Debra-PC
Event Code: 6005
Message: The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).
Record Number: 1475
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070807141625.000000-000
Event Type: Warning
User:
Computer Name: Debra-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2515828465-2457155030-3732625606-1000_Classes:
Process 5228 (\Device\HarddiskVolume2\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe) has opened key \REGISTRY\USER\S-1-5-21-2515828465-2457155030-3732625606-1000_CLASSES
Record Number: 1454
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20070807141126.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Debra-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-2515828465-2457155030-3732625606-1000:
Process 544 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2515828465-2457155030-3732625606-1000
Process 5228 (\Device\HarddiskVolume2\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe) has opened key \REGISTRY\USER\S-1-5-21-2515828465-2457155030-3732625606-1000
Record Number: 1453
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20070807141123.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Debra-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.
Record Number: 1360
Source Name: Microsoft-Windows-Search
Time Written: 20070807004853.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: Debra-PC
Event Code: 4907
Message: Auditing settings on object were changed.
Subject:
Security ID: S-1-5-18
Account Name: DEBRA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
Handle ID: 0x14
Process Information:
Process ID: 0x163c
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe
Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27330
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090415033123.696749-000
Event Type: Audit Success
User:
Computer Name: Debra-PC
Event Code: 4907
Message: Auditing settings on object were changed.
Subject:
Security ID: S-1-5-18
Account Name: DEBRA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
Handle ID: 0x14
Process Information:
Process ID: 0x163c
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe
Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27329
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090415033123.571949-000
Event Type: Audit Success
User:
Hi, debralcola. Welcome to LandzDown Forum.
We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
If you have questions regarding any of the instructions or problems running any tools, please let us know.
There is outdated, vulnerable software on the computer that we will need to deal with. However, first, please do the following:
Please download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip).
- Unzip HostsXpert.zip
- Right-click on HostsXpert.exe and select Run as Administrator.
- Then click on "Restore ms Hosts file" to restore your Hosts file to its default condition.
- Click on Make Read Only to secure it against further infection.
- Close the program when complete.
Please download Malwarebytes' Anti-Malware (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253)
- Click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
- Please post contents of that file in your next reply and a fresh HijackThis log (located at C:\Program Files\trend micro\Debra.exe).
Please let me know if there is an improvement now.
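Added example, not part of the original thread and not code from any tool it mentions: a Python check for the pattern the Hosts-file step above addresses, where many unrelated sites are pointed at one non-loopback address. It runs over the Hosts File section of the log posted earlier; the function names, the `min_cluster` threshold and the short two-label suffix list are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Hosts File section of the log in this thread, preceded by a comment and the
# localhost lines of a stock hosts file (those first three lines are constructed).
SAMPLE_HOSTS = """\
# constructed header: stock entries
127.0.0.1       localhost
::1             localhost
69.10.51.38 a1.review.zdnet.com
69.10.51.38 d1.reviews.cnet.com
69.10.51.38 reviews.riverstreams.co.uk
69.10.51.38 reviews.download.com
69.10.51.38 review.2009softwarereviews.com
69.10.51.38 reviews.pcmag.com
69.10.51.38 reviews.pcadvisor.co.uk
69.10.51.38 reviews.techradar.com
69.10.51.38 reviews.pcpro.co.uk
69.10.51.38 www.reevoo.com
"""

# Assumption: a tiny stand-in for the Public Suffix List, enough for this sample.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def site_of(hostname):
    """Reduce a hostname to its registrable domain (simplified)."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def parse_hosts(text):
    """Return (line_no, ip, [hostnames]) for every valid mapping line."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        entries.append((no, ip, [h.lower() for h in fields[1:]]))
    return entries


def audit_hosts(text, min_cluster=3):
    """Group redirects by target address and grade each group.

    An address that receives traffic for min_cluster or more distinct sites
    is graded "hijack-pattern"; anything else non-loopback is "review".
    """
    by_ip = defaultdict(list)
    for no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # these entries do not send traffic to another host
        by_ip[ip].extend((no, name) for name in names)
    findings = []
    for ip, hits in by_ip.items():
        sites = sorted({site_of(name) for _, name in hits})
        findings.append({
            "ip": str(ip),
            "sites": sites,
            "lines": sorted({no for no, _ in hits}),
            "verdict": "hijack-pattern" if len(sites) >= min_cluster else "review",
        })
    return findings


def clean_hosts(text, findings):
    """Return the hosts text without the lines graded "hijack-pattern"."""
    drop = {no for f in findings if f["verdict"] == "hijack-pattern"
            for no in f["lines"]}
    kept = [line for no, line in enumerate(text.splitlines(), 1)
            if no not in drop]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for f in results:
        print(f["verdict"], f["ip"], "lines", f["lines"], "->", ", ".join(f["sites"]))
    print(clean_hosts(SAMPLE_HOSTS, results), end="")
```

Entries graded "review" are left in place by `clean_hosts`, since a single LAN mapping can be legitimate and needs a human decision.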
Well, I was all excited to get going, but the host file would not restore. When I clicked on restore it came back with an error message. ERROR: Cannot create file C:\Windows\system32\DRIVERS\ETC\hosts.
I went ahead and downloaded the malware stuff. What is my next step?
Here are the Malwarebytes and HijackThis reports. When I ran HijackThis, I got another caution message that said it couldn't do something because of the windows32 file... I tried to go back and redo it to tell you exactly what it said and it just keeps saying HijackThis is already running. Then another message came up and said for Vista to click on the HijackThis icon (right click) and run as administrator. So I did that and it seemed to work out ok. I also restarted the computer but IE still will not run without the add-ons turned off. Please help if you can. Thanks
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4378
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
8/1/2010 5:00:58 PM
mbam-log-2010-08-01 (17-00-58).txt
Scan type: Quick scan
Objects scanned: 141084
Time elapsed: 16 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 8
Files Infected: 407
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\wstech.wstechb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wstech.wstechb.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WStech.DLL (Rogue.GreenAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\69387646557683 (Rogue.GreenAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37465982736455 (Rogue.GreenAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\ProgramData\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Green AV (Rogue.GreenAV) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-05-24 21-50-070\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\QuarantineW\2009-06-20 12-13-250\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\Debra\AppData\Roaming\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:51:14 PM, on 8/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Common Files\aol\1209413314\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Debra.exe
C:\Program Files\trend micro\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2644241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Good job, debralcola!
Because the MBAM log was so long, the HijackThis log got cut off. Please go to C:\Program Files\trend micro and copy the remainder of the log with the time/date "Scan saved at 5:51:14 PM, on 8/1/2010".
Thank you.
Corrine,
oops. i can't believe i didn't notice that. :smash:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:51:14 PM, on 8/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Common Files\aol\1209413314\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Debra.exe
C:\Program Files\trend micro\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2644241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 - Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 - Hosts: 69.10.51.38 reviews.download.com
O1 - Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 - Hosts: 69.10.51.38 reviews.techradar.com
O1 - Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 - Hosts: 69.10.51.38 www.reevoo.com
O1 - Hosts: 69.10.51.38 toptenreviews.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209413314\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE /UNINSTALL
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://download.cnet.com
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://image.jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD55E21-021A-4983-9CAE-6A5BE8FEADF0}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12206 bytes
Hi, debralcola. Thank you for the log.
Please start Internet Explorer and do the following:
- Click on the Tools menu.
- Select Internet Options.
- Click on the Connections tab.
- Click on the LAN Settings button so you are on the Local Area Network (LAN) settings screen.
- Under the Proxy Server section, please UNCHECK the checkbox labeled "Use a proxy server for your LAN".
- Press OK button to close this screen.
- Press the OK button to close the Internet Options screen.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Now, please run ComboFix:
- Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC1.png&hash=29e6fe1eb864e58b4b66611caa7d7b6be84a47f8)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC2.png&hash=e111f6aa2d657579d44cabc5fb4258fd1dce26eb)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
OK. Followed instructions. It did not ask me about the console, so I am assuming it was already on there. Here are the fresh logs.
Thanks again for rapid response!
ComboFix 10-08-02.01 - Debra 08/02/2010 15:05:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.893.380 [GMT -4:00]
Running from: c:\users\Debra\Desktop\Security\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Readme.txt
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.
2010-08-02 19:17 . 2010-08-02 19:18 -------- d-----w- c:\users\Debra\AppData\Local\temp
2010-08-02 19:17 . 2010-08-02 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-01 20:40 . 2010-08-01 20:40 -------- d-----w- c:\users\Debra\AppData\Roaming\Malwarebytes
2010-08-01 20:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 20:40 . 2010-08-01 20:40 -------- d-----w- c:\programdata\Malwarebytes
2010-08-01 20:40 . 2010-08-01 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 20:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 13:54 . 2010-08-01 13:54 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2010-08-01 13:48 . 2010-08-01 21:49 -------- d-----w- c:\program files\trend micro
2010-08-01 13:48 . 2010-08-01 13:49 -------- d-----w- C:\rsit
2010-08-01 13:14 . 2010-08-01 13:14 254324 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aesbx.dll
2010-08-01 13:14 . 2010-08-01 13:14 106868 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aevdf.dll
2010-08-01 13:14 . 2010-08-01 13:14 1364347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescript.dll
2010-08-01 13:14 . 2010-08-01 13:14 127347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescn.dll
2010-08-01 13:14 . 2010-08-01 13:14 614772 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aerdl.dll
2010-08-01 13:14 . 2010-08-01 13:14 471414 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aepack.dll
2010-08-01 13:13 . 2010-08-01 13:13 201081 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeoffice.dll
2010-08-01 13:13 . 2010-08-01 13:13 2830711 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll
2010-08-01 13:13 . 2010-08-01 13:13 242039 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aehelp.dll
2010-08-01 13:13 . 2010-08-01 13:13 393589 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aegen.dll
2010-08-01 13:13 . 2010-08-01 13:13 393588 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeemu.dll
2010-08-01 13:13 . 2010-08-01 13:13 192887 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aecore.dll
2010-08-01 13:13 . 2010-08-01 13:13 53618 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aebb.dll
2010-08-01 13:10 . 2010-08-01 13:10 -------- d-----w- c:\users\Debra\AppData\Roaming\Avira
2010-08-01 13:08 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-01 13:08 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-01 13:08 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-01 13:08 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-01 13:08 . 2010-08-01 13:08 -------- d-----w- c:\programdata\Avira
2010-08-01 13:08 . 2010-08-01 13:08 -------- d-----w- c:\program files\Avira
2010-07-22 04:16 . 2010-07-22 04:16 -------- d-----w- c:\programdata\AVS4YOU
2010-07-22 04:16 . 2010-07-22 04:16 -------- d-----w- c:\users\Debra\AppData\Roaming\AVS4YOU
2010-07-22 04:14 . 2010-07-22 04:15 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-22 04:14 . 2008-07-03 18:27 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-22 04:14 . 2008-07-03 18:27 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-07-22 04:14 . 2003-05-21 17:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-07-22 04:14 . 2010-07-22 04:41 -------- d-----w- c:\program files\AVS4YOU
2010-07-22 00:04 . 2010-07-22 00:04 1615200 ----a-w- c:\programdata\avg9\update(102)\backup\avgssie.dll
2010-07-22 00:04 . 2010-07-22 00:04 1615200 ----a-w- c:\programdata\avg9(167)\update(102)\backup\avgssie.dll
2010-07-22 00:04 . 2010-07-22 00:04 1107296 ----a-w- c:\programdata\avg9\update(102)\backup\avgxpl.dll
2010-07-22 00:04 . 2010-07-22 00:04 1107296 ----a-w- c:\programdata\avg9(167)\update(102)\backup\avgxpl.dll
2010-07-22 00:04 . 2010-07-22 00:04 921440 ----a-w- c:\programdata\avg9\update(102)\backup\avgemc.exe
2010-07-22 00:04 . 2010-07-22 00:04 921440 ----a-w- c:\programdata\avg9(167)\update(102)\backup\avgemc.exe
2010-07-22 00:04 . 2010-07-22 00:04 4368224 ----a-w- c:\programdata\avg9\update(102)\backup\avgcorex.dll
2010-07-22 00:04 . 2010-07-22 00:04 4368224 ----a-w- c:\programdata\avg9(167)\update(102)\backup\avgcorex.dll
2010-07-20 19:25 . 2010-07-20 19:25 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-07-20 19:19 . 2010-07-21 20:09 -------- d-----w- c:\program files\Sony Ericsson
2010-07-19 19:20 . 2010-07-20 20:17 -------- d-----w- c:\users\Debra\AppData\Roaming\Apple Computer
2010-07-19 19:20 . 2010-07-19 19:20 -------- d-----w- c:\users\Debra\AppData\Local\Apple Computer
2010-07-19 19:18 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-19 19:17 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-19 19:15 . 2010-07-19 19:15 -------- d-----w- c:\program files\iPod
2010-07-19 19:15 . 2010-07-19 19:16 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-19 19:15 . 2010-07-19 19:16 -------- d-----w- c:\program files\iTunes
2010-07-19 17:08 . 2010-07-19 17:11 -------- d-----w- c:\program files\QuickTime
2010-07-19 17:08 . 2010-07-19 19:15 -------- d-----w- c:\programdata\Apple Computer
2010-07-19 17:08 . 2010-07-19 17:08 -------- d-----w- c:\users\Debra\AppData\Local\Apple
2010-07-19 17:07 . 2010-07-19 17:07 -------- d-----w- c:\program files\Apple Software Update
2010-07-19 17:01 . 2010-07-19 17:01 -------- d-----w- c:\program files\Bonjour
2010-07-19 17:01 . 2010-07-19 19:15 -------- d-----w- c:\program files\Common Files\Apple
2010-07-19 17:01 . 2010-07-19 17:01 -------- d-----w- c:\programdata\Apple
2010-07-18 13:55 . 2010-08-01 01:51 -------- d-----w- c:\program files\McAfee Security Scan(1)
2010-07-18 13:02 . 2010-06-14 22:54 11776 ----a-w- c:\users\Debra\AppData\Roaming\Mozilla\Firefox\Profiles\k4kxsbup.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-07-18 12:53 . 2010-07-18 12:53 -------- d-----w- c:\users\Debra\AppData\Local\Mozilla
2010-07-15 23:40 . 2010-07-15 23:40 -------- d-----w- C:\denny
2010-07-14 03:21 . 2010-07-14 03:24 -------- d-----w- C:\e848a4ed68a812ec3b
2010-07-12 23:36 . 2010-07-12 23:36 -------- d-----w- c:\program files\Conduit
2010-07-12 23:36 . 2010-08-01 12:22 -------- d-----w- c:\program files\Oryte_Games_1.13
2010-07-12 22:46 . 2010-07-12 22:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-12 22:46 . 2010-07-12 22:46 12536 ----a-w- c:\windows\system32\avgrsstx(145).dll
2010-07-12 22:46 . 2010-07-12 22:46 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-12 22:46 . 2010-07-12 22:46 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 22:46 . 2010-07-12 22:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-12 22:46 . 2010-08-01 12:22 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-12 22:42 . 2010-08-01 12:22 -------- d-----w- c:\program files\AVG
2010-07-12 22:42 . 2010-08-01 01:51 -------- d-----w- c:\program files\AVG(0)
2010-07-12 22:42 . 2010-08-01 12:22 -------- d-----w- c:\programdata\avg9(167)
2010-07-12 22:42 . 2010-08-01 12:22 -------- d-----w- c:\programdata\avg9
2010-07-11 18:08 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-05 18:28 . 2010-07-05 19:02 -------- d-----w- c:\users\Debra\AppData\Local\Microsoft Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 22:15 . 2009-10-15 04:03 1356 ----a-w- c:\users\Debra\AppData\Local\d3d9caps.dat
2010-07-20 19:41 . 2010-07-20 19:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-18 13:55 . 2007-05-17 01:51 -------- d-----w- c:\programdata\McAfee
2010-07-14 03:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-12 21:07 . 2010-01-05 01:55 -------- d-----w- c:\users\Debra\AppData\Roaming\HpUpdate
2010-07-08 14:59 . 2010-03-01 05:11 -------- d-----w- c:\users\Debra\AppData\Roaming\GetRightToGo
2010-06-29 21:51 . 2009-04-28 13:06 -------- d-----w- c:\program files\Microsoft
2010-06-26 01:51 . 2007-08-07 03:09 -------- d-----w- c:\program files\Microsoft.NET
2010-06-16 00:01 . 2010-06-16 00:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-10 00:07 . 2007-08-07 03:07 -------- d-----w- c:\programdata\Microsoft Help
2010-06-05 15:35 . 2009-09-20 12:25 -------- d-----w- c:\program files\Windows Defender
2010-06-05 11:37 . 2009-04-28 13:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 17:06 . 2010-06-09 03:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 03:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}"= "c:\program files\Oryte_Games_1.13\tbOryt.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}]
2010-06-13 23:10 2734688 ----a-w- c:\program files\Oryte_Games_1.13\tbOryt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}"= "c:\program files\Oryte_Games_1.13\tbOryt.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EA6905C1-AFE7-44A8-B5CF-5A41C3FDF685}"= "c:\program files\Oryte_Games_1.13\tbOryt.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112]
"HostManager"="c:\program files\Common Files\AOL\1209413314\ee\AOLSoftware.exe" [2006-09-26 50736]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-12 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):aa,b0,00,e5,ee,39,ca,01
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-22 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-12 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-12 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-12 243024]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2644241
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cnet.com\download
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: wachovia.com
Trusted Zone: wachovia.com
TCP: {2CD55E21-021A-4983-9CAE-6A5BE8FEADF0} = 205.188.146.145
DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} - hxxp://image.jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
FF - ProfilePath - c:\users\Debra\AppData\Roaming\Mozilla\Firefox\Profiles\k4kxsbup.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-02 15:18
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-08-02 15:24:23
ComboFix-quarantined-files.txt 2010-08-02 19:24
Pre-Run: 100,536,459,264 bytes free
Post-Run: 101,449,809,920 bytes free
- - End Of File - - E7D171012FA0F8ABD9E36019492E9C97
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:36:51 PM, on 8/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Common Files\aol\1209413314\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\hijackthis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2644241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\tbOryt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209413314\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE /UNINSTALL
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://download.cnet.com
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://image.jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD55E21-021A-4983-9CAE-6A5BE8FEADF0}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10947 bytes
Corrine,
I forgot to mention before that the internet still has to have "add-ons" turned off, I am still UNable to UNinstall AVG 9 (from the beginning of post), and the proxy server was on auto detect. I didn't have to uncheck anything because it wasn't checked in the first place.
Hope this info is useful.
Thanks,
Deb
Hi, Deb.
Let's flush your DNS cache and restore the HOSTS file:
Please copy/paste the lines in bold below to Notepad:
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Right-click flush.bat and select "Run as Administrator" to run it. Your computer will reboot.
Personally, I would not allow any programs in the Trusted Zone. After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more.
If you elect to remove the entries from the Trusted Zone, please do the following:
- Launch Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab.
- Click Trusted Sites, and then click Sites.
- Click the site you want to delete, and then click Remove.
Please go here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
I know I shouldn't have done anything without permission, but my curiosity got the better of me... I did a reset on the IE settings and it fixed the internet problem. The reason I did it was because it wouldn't let me do anything with the scanner you suggested. After I reset, it let me download it and all. So I will post those logs in just a minute.
Debra
Good, IE is better then. The ESET scan may take a while so you may want to go grab a cup of tea or a cold drink.
You were right about the length of the scan, over an hour.... This doesn't seem right to me, but this was the log.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Let me know if something happened. Other than that, everything else seems good. I am going to look back over your suggestions to see what is a good fit for my friend. Then if anything happens after that, I will get her back in touch with you and your team. Thanks so much again....priceless.
Hi, Debra.
From a previous log, I am still seeing both AVG and Avira installed on the computer. I realize Avira was installed when AVG was not working. It is now necessary to go to add-remove programs and uninstall one of the two, as having two A/V programs can cause conflicts. In the event you have problems in the removal, both products offer assistance at the links below:
AVG: http://www.avg.com/us-en/download-tools
Avira: http://www.avira.com/en/pages/pages.php?id_pag=220
I also note a vulnerable version of Adobe Reader installed. Install the latest version of Adobe Reader from http://www.adobe.com/products/reader/ or switch to an alternate PDF reader. There are a number of open source readers available from http://pdfreaders.org/.
Please do the following to implement cleanup procedures and also to reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).
Please let us know if you have any questions.
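A small triage pass over the HijackThis log format shown in this thread, covering the checks the replies above rely on: orphaned "(no file)" registrations, two antivirus products installed side by side, and Trusted Zone entries. This is an added example, not part of the original posts or of HijackThis itself; the function names and the vendor list are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O15 - Trusted Zone: http://download.cnet.com
O15 - Trusted Zone: http://*.realtytools.com
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <entry body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "Service: <name> - <company> - <drive>:\<path>"
SERVICE = re.compile(r"^Service: (.+?) - (.+) - ([A-Za-z]:\\.*)$")
# Assumption: only the two antivirus vendors seen in this thread are listed.
AV_VENDORS = ("Avira", "AVG Technologies")


def parse(log):
    """Group HijackThis entries by section code (R3, O2, O15, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def triage(log):
    """Return the findings a helper would look for first in the log."""
    sections = parse(log)
    # Registrations whose target file no longer exists on disk.
    orphans = [(code, e) for code in sorted(sections)
               for e in sections[code] if e.endswith("(no file)")]
    av_found, unknown_owner = set(), []
    for entry in sections.get("O23", []):
        m = SERVICE.match(entry)
        if not m:
            continue
        name, company, _path = m.groups()
        av_found.update(v for v in AV_VENDORS if v in company)
        # No company name was reported for the service binary.
        if company == "Unknown owner":
            unknown_owner.append(name)
    trusted = [e.split(": ", 1)[1] for e in sections.get("O15", [])
               if e.startswith("Trusted Zone: ")]
    return {
        "orphans": orphans,
        "av_vendors": sorted(av_found),
        "av_conflict": len(av_found) > 1,
        "unknown_owner_services": unknown_owner,
        "trusted_zone_sites": trusted,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An "Unknown owner" service is only a prompt to look at the file; it is not evidence of infection on its own.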
Everything seems great, Corrine. Thanks. Two last things. I still can't uninstall Mozilla. I tried in regular mode and safe mode. It just doesn't run anything when I go to uninstall programs. Also, I decided to keep Avira and Malwarebytes. What else can you recommend? Something good for email that will go with both of those without conflict. Or what would you suggest if these won't work with something else.
Thanks again!
Debra
Probably the easiest option would be to upgrade your Avira from the free edition to Avira Antivir Premium. It is consistently one of the best performing av products in the reviews and the "paid for" version contains two content checkers, Webguard and Mailguard, that will check the pages that you browse to and your incoming mail.
I have no affiliation with Avira (the company), I have just been using their product for years.
http://www.avira.com/en/products/avira_antivir_premium.html
Sorry, I missed the question about Mozilla.
To manually remove it open Windows explorer and navigate to the following location:
C:\Program Files\Mozilla Firefox\uninstall
In that folder you should see a file named helper.exe (or just helper if you don't show file extensions)
Right click the helper file and select "Run as ..... Administrator"
That should kickstart the removal wizard.
Once that is complete you need to remove plugins, etc, by manually deleting the folder:
C:\Program files\Mozilla Firefox
Hi, Debra.
Did you have any problem with the ComboFix uninstall process or uninstalling AVG?
From: http://support.mozilla.com/en-US/kb/Uninstalling+Firefox
If the Uninstall Wizard does not run, you can start it manually, by running C:\Program Files\Mozilla Firefox\uninstall\helper.exe.
In addition, please note the following from the same site:
Quote: Uninstalling Firefox with the default options does not remove your user profile, which includes personal information such as bookmarks, passwords and cookies. To do a clean uninstall, you should also remove these files.
1. If you want to preserve your bookmarks, passwords, cookies, and other user data and settings, see Backing up your information.
2. Delete the Firefox folder that contains the Profiles folder and the profiles.ini file - see How to find your profile for the location.
As to e-mail scanning, that is generally over-rated. Most antivirus programs' real-time protection will "catch" an "infected message" if and when it is chosen to be opened. I do wonder, however, why you downloaded a Korean mail service. http://en.wikipedia.org/wiki/Daum
Let's see how updating Java works. Please go to add/remove programs and uninstall Java(TM) SE Runtime Environment 6. Then to remove the remnants of the older version, please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
- Click on Remove Older Versions to remove older versions of Java.
- A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 21.
Download Link: Java SE Runtime Environment 6u21 (https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u21-oth-JPR@CDS-CDS_Developer)
Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
While you are updating, there have been several security updates to Adobe Reader. Install the latest version of Adobe Reader from http://www.adobe.com/products/reader/ or switch to an alternate PDF reader. There are a number of open source readers available from http://pdfreaders.org/.
To check if your system is missing security updates or has any other insecure applications installed, visit http://secunia.com/software_inspector/ . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
- Detects insecure versions of applications installed
- Verifies that all Microsoft patches are applied
- Assists you in updating your system and applications
You may want to install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html
My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html
Please let me know if you have additional questions or are still unable to uninstall Firefox.
Edit Note: I see ETR posted while I was multi-tasking. I'll leave my response "as is" since we were both on a similar path. :)