
malware removal


  • This topic is locked
62 replies to this topic

#1 pattat11

pattat11

  • Members
  • 100 posts

Posted 13 June 2009 - 12:19 PM

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Patti at 12:13:43.57 on Sat 06/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.118 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patti\Local Settings\Temporary Internet Files\Content.IE5\BC8MRW7A\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: {08FAB88D-D0B1-4CC9-B806-08B5A42B2B8E} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Intuit QuickenPicks Toolbar : {92c7eaff-a661-44b6-9db3-bcf536744ada} - c:\program files\quickenpicks_toolbar\qnpxb.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegTool] c:\program files\regtool\RegTool.exe -boot
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [qnpxm] "c:\program files\quickenpicks_toolbar\qnpxt.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
dRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\windows\dvzcommon\DvzMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229747610046
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} - file://d:\albums\album_a\plugin\HPRMFFC.CAB
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5466/mcfscan.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\patti\applic~1\mozilla\firefox\profiles\0k92qzt9.default\
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-3-16 616408]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-1-14 26144]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090613.003\NAVENG.SYS [2009-6-13 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090613.003\NAVEX15.SYS [2009-6-13 876144]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-1-14 91830]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-20 1245064]

=============== Created Last 30 ================

2009-06-13 11:44 <DIR> --dsh--- c:\documents and settings\patti\IECompatCache
2009-06-13 10:28 <DIR> --d----- c:\program files\Trend Micro
2009-06-13 10:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-06-13 10:01 <DIR> --d----- c:\docume~1\patti\applic~1\Windows Search
2009-06-13 10:01 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 09:44 <DIR> --dsh--- c:\documents and settings\patti\IETldCache
2009-06-13 09:24 <DIR> --d----- C:\1ab586bebd18a5a01b5842
2009-06-13 09:04 <DIR> --d----- C:\7cb528e1607c03516c77cba47c
2009-06-13 09:02 <DIR> --d----- c:\windows\SxsCaPendDel
2009-06-13 08:46 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-13 08:46 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-13 08:45 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-13 08:41 <DIR> -cd-h--- c:\windows\ie8
2009-06-12 22:10 <DIR> --d----- c:\docume~1\patti\applic~1\Windows Desktop Search
2009-06-12 22:09 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-06-12 22:09 <DIR> --d----- c:\program files\Windows Desktop Search
2009-06-12 22:08 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-06-12 22:08 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-06-12 22:08 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-06-12 22:06 594,432 ac------ c:\windows\system32\dllcache\msfeeds.dll
2009-06-12 22:06 55,296 ac------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-06-12 22:06 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-12 22:06 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-06-12 22:06 1,241,088 ac------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-06-12 22:06 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-12 22:06 445,952 ac------ c:\windows\system32\dllcache\ieapfltr.dll
2009-06-12 22:06 3,698,584 ac------ c:\windows\system32\dllcache\ieapfltr.dat
2009-06-12 22:06 59,904 ac------ c:\windows\system32\dllcache\icardie.dll
2009-06-12 21:52 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-12 21:31 <DIR> --d----- c:\windows\system32\URTTEMP
2009-06-12 20:05 <DIR> --d----- c:\docume~1\patti\applic~1\RegTool
2009-06-12 20:04 <DIR> --d----- c:\program files\RegTool
2009-06-12 20:03 <DIR> --d----- c:\program files\Downloaded Installers
2009-06-12 19:20 <DIR> --d----- c:\program files\Enigma Software Group
2009-06-08 17:27 7,680 a--sh--- c:\windows\Thumbs.db
2009-06-08 17:15 5,120 a--sh--- c:\windows\system32\Thumbs.db
2009-06-08 06:30 23,984 a------- c:\windows\system32\drivers\pnarp.sys
2009-06-08 06:29 25,264 a------- c:\windows\system32\drivers\purendis.sys
2009-06-08 06:29 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-06-08 06:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-06-08 06:18 939,368 a----r-- c:\windows\system32\myflash.ocx
2009-06-01 16:56 <DIR> --d----- c:\docume~1\patti\applic~1\comcasttb
2009-06-01 07:06 <DIR> --d----- c:\program files\CA
2009-06-01 07:05 <DIR> --d----- c:\program files\comcasttb

==================== Find3M ====================

2009-06-08 06:18 5 a------- c:\program files\eula.txt
2009-06-08 06:18 14 a------- c:\program files\version.txt
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-14 11:40 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-12-17 13:25 61,224 a------- c:\documents and settings\patti\GoToAssistDownloadHelper.exe
2008-12-20 13:29 910,097 a--sh--- c:\windows\system32\SuFfNXyb.ini2

============= FINISH: 12:14:09.09 ===============


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 14 June 2009 - 05:28 AM

Hello pattat11 and welcome to Bleeping Computer forum,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 11
    Java™ 6 Update 3
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
****************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

****************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 pattat11

pattat11
  • Topic Starter

  • Members
  • 100 posts

Posted 16 June 2009 - 07:31 PM

This all made sense and I was going to try it but now I'm getting blocked from the download.
It says system administrator has set policies to prevent this installation.
I don't get it, I am the administrator and I should be able to download.

I'm still at square one.
Any ideas to get me past this?

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 16 June 2009 - 09:23 PM

Hi pattat11,

Where is the Security Check log?

Did you do the Java update?

If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a quick scan.

If you can't update MBAM, manually download the database installer from http://malwarebytes.gt500.org/mbam-rules.exe
See also: http://malwarebytes.gt500.org/database.jsp

#5 pattat11

pattat11
  • Topic Starter

  • Members
  • 100 posts

Posted 16 June 2009 - 10:07 PM

I could not download Java.
It says system administrator has set policies to prevent this installation.
I don't get it, I am the administrator and I should be able to download.
I've now done the check list, the malware log and a new hijack log.
I am going to reboot and check back tomorrow.
I can't begin to tell you how glad I am I found this site.
I am going to spread the word for sure.
I hope you can get me through this.



Sorry I forgot the check list.
Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
Norton360(SymantecCorporation)
Norton360HTMLHelp
Norton360
Norton360
NortonConfidentialCore
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Java™ 6 Update 11
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Norton360 ccSvcHst.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 41 seconds.
`````````End of Log```````````




Malwarebytes' Anti-Malware 1.37
Database version: 2291
Windows 5.1.2600 Service Pack 3

6/16/2009 9:55:18 PM
mbam-log-2009-06-16 (21-55-18).txt

Scan type: Quick Scan
Objects scanned: 111076
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 381

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Bat (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520 (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290 (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530 (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Patti\local settings\temporary internet files\Content.IE5\BC8MRW7A\setup-trial[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\Bat\Bat.info (Adware.Batco) -> Quarantined and deleted successfully.
c:\program files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.
c:\program files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.
c:\program files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.
c:\program files\RegTool\definitions.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\program files\RegTool\JkDefragLib_sourcecode.zip (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\program files\RegTool\LGPL for Defragger library.txt (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\program files\RegTool\privacy.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\program files\RegTool\RegTool.url (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-12 20-05-310.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-12 20-08-040.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-12 21-13-120.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-13 10-57-520.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-13 12-00-060.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-13 12-00-120.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-13 12-36-220.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-13 14-01-110.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-14 10-47-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-14 11-25-090.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-14 13-50-250.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-16 17-33-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-16 18-39-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-16 18-53-110.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-16 20-18-200.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-16 20-26-060.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\Logs\2009-06-16 20-58-130.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-18-520\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-12 20-33-290\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Patti\application data\RegTool\quarantinew\2009-06-14 11-14-530\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\2s6238OB.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\R8o521fc.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:43 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {08FAB88D-D0B1-4CC9-B806-08B5A42B2B8E} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO:  - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Intuit QuickenPicks Toolbar - {92C7EAFF-A661-44B6-9DB3-BCF536744ADA} - C:\Program Files\QuickenPicks_Toolbar\qnpxb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [qnpxm] "C:\Program Files\QuickenPicks_Toolbar\qnpxt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229747610046
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file://D:\ALBUMS\ALBUM_A\PLUGIN\HPRMFFC.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...466/mcfscan.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9833 bytes

#6 SifuMike


Posted 16 June 2009 - 10:24 PM

Hi,

Please tell me why your first DDS log has Internet Explorer 8 and your HijackThis log has Internet Explorer 6 :thumbup2:


Boot mode: Safe mode with network support



Why did you run HijackThis with Safe mode with network support? I can't see the running processes when you run it like that. I hope you did not run Malwarebytes like that, as it is made to run in the Normal Mode.


Boot to the normal mode, run HijackThis and post a fresh log.

Try downloading and installing Java now that you have run Malwarebytes.

Edited by SifuMike, 16 June 2009 - 11:01 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 pattat11


Posted 17 June 2009 - 01:50 PM

I was trying to figure out what my problem was before I realized I had a bigger problem than what I thought.
I thought it was my IE and not malware or virus etc.

This morning before I left for work, I ran the hijack log and the malware log in regular mode.
(I ran in safe thinking that was the only way I can run anything)
I was not able to download the new Java.
Something about system administrator has set properties to stop installation but I am the admin so I don't understand why it will not let me in either reg or safe mode.

In any case, when I get home about 5, I will sit down and send you two clean logs.

I'm not sure what IE it will be since I also tried to restore to an earlier date.
In any case, everything will be fresh and I won't touch a thing till I hear back from you.
I apologize as you are trying to help and people like me make it worse.

I really do appreciate your time on me.

#8 SifuMike


Posted 17 June 2009 - 03:46 PM

Take your time. We are in no rush. :thumbup2:

#9 pattat11


Posted 18 June 2009 - 07:37 AM

Finally Java ran and installed.
I am sending you this morning 06/17/09 hijack file.
Malware runs for about 50 minutes and then freezes my computer.
It gets stuck after 10 files found and what I see at that point is....
system volume information\_restore36715e95-19cb-f9cb-4df6-9f78-38d124b0e25e\rp536\snapshot\repository\fs\objects.map

Here is the hijack file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:42 AM, on 6/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickenPicks_Toolbar\qnpxt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\QuickenPicks_Toolbar\qnpxp.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {08FAB88D-D0B1-4CC9-B806-08B5A42B2B8E} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO:  - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Intuit QuickenPicks Toolbar - {92C7EAFF-A661-44B6-9DB3-BCF536744ADA} - C:\Program Files\QuickenPicks_Toolbar\qnpxb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [qnpxm] "C:\Program Files\QuickenPicks_Toolbar\qnpxt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229747610046
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file://D:\ALBUMS\ALBUM_A\PLUGIN\HPRMFFC.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...466/mcfscan.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10973 bytes

#10 SifuMike


Posted 18 June 2009 - 09:56 AM

Hi pattat11,


Please download FixPolicies.exe
and save to your Desktop.
For Windows XP ONLY. Do not run on any other Operating System.

You can ignore the warning about downloading this type of file.
Double-click FixPolicies.exe (this is a self-extracting ZIP archive).
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Open the FixPolicies folder and double-click on Fix_Policies.cmd.
A black box will briefly appear and then close.
Restart your computer.

This fix is used to remove certain restrictions on your system often disabled by malware and reset them to Windows default.

Now see if you can download Java as per my previous post. Let me know the outcome.



***************


MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)


That version of Internet Explorer is ancient. :thumbup2: Go to this site http://www.microsoft.com/windows/internet-...er/default.aspx and install the new version of Internet Explorer.

***************

Malware runs for about 50 minutes and then freezes my computer.
It gets stuck after 10 files found and what I see at that point is....
system volume information\_restore36715e95-19cb-f9cb-4df6-9f78-38d124b0e25e\rp536\snapshot\repository\fs\objects.map


Was there an error code or number?





What version of Malwarebytes are you running? You should be running Malwarebytes 1.38, Database version 2304

Update it, run it again and post the Malwarebytes log.

Edited by SifuMike, 18 June 2009 - 03:34 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 pattat11


Posted 18 June 2009 - 04:48 PM

I hope you are not tiring of me yet.

I now have the new Java.
I've uploaded the new IE.
I am going to try malware again and run that and hopefully will get the latest version.
Once I do this or not, I'll send a fresh hijack this log and my results of malware if I can or can not get it to run all the way through.

Error message.

I do get this.
szAppname: nmsrvc.exe
szAppver:11.0.82680
szmod name:nmcore.dll
szmodver11.1.90051.0
offset:001d3ffo
I'll reply back later with more information

#12 SifuMike


Posted 18 June 2009 - 05:32 PM

Hi pattat11,

A quick question. :thumbup2: When do you get that error message? Is it when you run Malwarebytes? Or some other program?

#13 pattat11


Posted 18 June 2009 - 06:16 PM

Ok, I just tried to run the updated malwarebytes and again in the same spot the program freezes my entire computer so it does not finish.
system volume information\_restore36715e95-19cb-f9cb-4df6-9f78-38d124b0e25e\rp536\snapshot\repository\fs\objects.map

The previous error message comes up during startup.
First I see

pure network platform service encountered a problem and needs to close.
further information is the rest of that stuff.
szAppname: nmsrvc.exe
szAppver:11.0.82680
szmod name:nmcore.dll
szmodver11.1.90051.0
offset:001d3ffo

So I now have updated java, updated IE, which I still can not access and everything in reg mode is tortoise slow however I did manage to sign on to mozilla this time.

The new hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:13 AM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickenPicks_Toolbar\qnpxt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QuickenPicks_Toolbar\qnpxp.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {08FAB88D-D0B1-4CC9-B806-08B5A42B2B8E} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO:  - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Intuit QuickenPicks Toolbar - {92C7EAFF-A661-44B6-9DB3-BCF536744ADA} - C:\Program Files\QuickenPicks_Toolbar\qnpxb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [qnpxm] "C:\Program Files\QuickenPicks_Toolbar\qnpxt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229747610046
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file://D:\ALBUMS\ALBUM_A\PLUGIN\HPRMFFC.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...466/mcfscan.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11266 bytes
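
Added example, not part of the original posts: a small Python parser for the HijackThis 2.x log layout shown above, which compares an earlier log with a fresh one and lists the entries HijackThis itself annotated. The function names are assumptions of this example, and both sample logs are short excerpts constructed from lines in this thread.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "code body")

# Entry lines start with a section code (a letter R, F, N or O plus a number).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Annotations HijackThis itself writes into an entry; worth checking by hand.
MARKERS = ("(no file)", "Unknown owner", "Unknown file")

def parse_log(text):
    """Split a HijackThis 2.x log into (header dict, process list, entries)."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--" or line.startswith("End of file"):
            break                      # log trailer
        if not line:
            in_processes = False       # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:             # "Platform: ...", "Boot mode: ..."
            key, _, value = line.partition(": ")
            header[key] = value
    return header, processes, entries

def diff_entries(old, new):
    """Return (added, removed) entries, keeping log order."""
    old_set, new_set = set(old), set(new)
    return ([e for e in new if e not in old_set],
            [e for e in old if e not in new_set])

def diff_processes(old, new):
    """Return (started, stopped) paths; case-insensitive, duplicates counted."""
    old_c = Counter(p.lower() for p in old)
    new_c = Counter(p.lower() for p in new)
    return sorted((new_c - old_c).elements()), sorted((old_c - new_c).elements())

def self_flagged(entries):
    """Entries that carry one of HijackThis's own markers."""
    return [e for e in entries if any(m in e.body for m in MARKERS)]

# Constructed excerpt of the earlier log in this thread.
OLD_LOG = r"""
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {08FAB88D-D0B1-4CC9-B806-08B5A42B2B8E} - (no file)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10973 bytes
"""

# Constructed excerpt of the fresh log in this thread.
NEW_LOG = r"""
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {08FAB88D-D0B1-4CC9-B806-08B5A42B2B8E} - (no file)
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11266 bytes
"""

if __name__ == "__main__":
    _, old_procs, old_entries = parse_log(OLD_LOG)
    _, new_procs, new_entries = parse_log(NEW_LOG)
    added, removed = diff_entries(old_entries, new_entries)
    started, stopped = diff_processes(old_procs, new_procs)
    for label, items in (("added", added), ("removed", removed),
                         ("flagged", self_flagged(new_entries))):
        for entry in items:
            print(f"{label:8} {entry.code:4} {entry.body}")
    print("started:", started, "stopped:", stopped)
```
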

#14 pattat11


Posted 18 June 2009 - 06:35 PM

ahhh! just looking around and realized that error message has to do with my router.
While trying to clean up my computer in the process of all of this.
I read that I didn't need the software for my Linksys and it could be uninstalled.
but now I see that it lingers around and I should have left it for Lela updates etc..

I'm still not doing anything else to my computer (hands off I said I would be ) until you advise.

#15 SifuMike


Posted 18 June 2009 - 09:18 PM

Hello pattat11,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Norton Antivirus before running ComboFix, as it will prevent it from running.

To disable Norton Antivirus:  
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> choose "Disable Auto-Protect."
  • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: Posted Image
You successfully disabled the Norton Antivirus Guard.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.



