I cannot get rid of my Mcafee

[Chris003]

First I tried to uninstall my Mcafee security center in my Add or Remove programs, but then I click remove and it just gives me a blank screen, Than I went to this link, http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
and downloaded that and I happened to get rid of Mcafee on my desktop and on control panel but but still appears to be a Mcafee icon down by where the clock is. So then I downloaded a Revo uninstaller and it wasn't there.

So here is a HijackThis log, a Malewarebyes' log and and uninstall list from hijackthis.

Uninstall list for HijackThis.
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
avast! Antivirus
CCleaner (remove only)
CDDRV_Installer
Collectorz.com Music Collector
Extensions Bundle 1.1
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HyperCam 2
Icy Tower v1.4
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
KhalInstallWrapper
Lexmark Photo Center
Logitech Communications Manager
Logitech SetPoint
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client (Minimal Installation)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Location Finder
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2006
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org Installer 1.0
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.85
Rogers Yahoo! Applications
Samsung ML-2510 Series
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SmartFTP Client
SmartFTP Client 2.5 Setup Files (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager (remove only)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Music Jukebox
Yahoo! Search Protection


underneath is Malwarebytes'

 

[Chris003]

Malwarebytes'

Malwarebytes' Anti-Malware 1.42
Database version: 3431
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/26/2009 4:30:52 AM
mbam-log-2009-12-26 (04-30-52).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 197682
Time elapsed: 2 hour(s), 57 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 31
Files Infected: 204

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellBotR (Backdoor.CYL) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regtool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\mdg\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-11-460 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\mdg\Application Data\RegTool\Logs\2009-05-01 20-05-570.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-150.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-151.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-152.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-153.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-154.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-155.db (Rogue.RegTool) -> Quarantined and deleted successfully.



and underneath is malwarebytes' continuing

 

[Chris003]

Malwarebytes'

C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-156.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-157.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-158.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-159.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-160.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-161.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-162.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-163.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-164.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-165.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-166.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-167.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-168.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-169.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-170.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-171.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-172.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-10-210\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\QuarantineW\2009-05-01 20-11-460\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\mdg\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\angie\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\002BCD51.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup\7_31_2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.

underneath is HijackThis.

 

[Chris003]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:19 PM, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/welcome.php?userID=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://portal.providence.on.ca/vdesk/terminal/InstallerControl.cab#version=6020,2008,1015,1912
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://portal.providence.on.ca/vdesk/terminal/urTermProxy.cab#version=6020,2008,1015,1902
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://portal.providence.on.ca/vdesk/terminal/urxhost.cab#version=6020,2008,1015,1906
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca0e1b789c76ca) (gupdate1ca0e1b789c76ca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11597 bytes

 

[wildbill]

Your going to need to update Malware Bytes. It's not the latest version.

 

[Chris003]

ok ty

 

[johnb35]

You had a lot of infections there but lets go one step further and run combofix.

Download it from this link and follow the instructions.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Click on the bleeping computer link part way down and when its done scanning please post the logfile that it displays at the end back here.

 

[Chris003]

alright

 

[Chris003]

Okay here is the log.

ComboFix 09-12-26.01 - mdg 12/26/2009 19:45:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.226 [GMT -5:00]
Running from: c:\documents and settings\mdg\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-1123561945-1960408961-839522115-1003
c:\recycler\S-1-5-21-2454857849-2498743925-2988314606-1003
c:\windows\system32\28463
c:\windows\system32\28463\akv.cfg
c:\windows\system32\28463\GYGE.001
c:\windows\system32\28463\GYGE.002
c:\windows\system32\28463\GYGE.005
c:\windows\system32\28463\GYGE.006
c:\windows\system32\28463\GYGE.008
c:\windows\system32\28463\GYGE.009
c:\windows\system32\28463\GYGE.009.tmp
c:\windows\system32\28463\JYLE.001
c:\windows\system32\28463\JYLE.002
c:\windows\system32\28463\JYLE.006
c:\windows\system32\28463\JYLE.009
c:\windows\system32\28463\KQMY.001
c:\windows\system32\28463\KQMY.002
c:\windows\system32\28463\KQMY.006
c:\windows\system32\28463\KQMY.009
c:\windows\system32\28463\KQMY.009.tmp
c:\windows\system32\28463\VJPY.009.tmp
c:\windows\system32\28463\VJPY.chm
c:\windows\system32\28463\VSIG.001
c:\windows\system32\28463\VSIG.006
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\SIntf16.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-26 20:54 . 2009-12-26 20:54 -------- d-----w- c:\program files\VS Revo Group
2009-12-26 06:28 . 2009-12-26 06:28 -------- d-----w- c:\documents and settings\mdg\Application Data\Malwarebytes
2009-12-26 06:27 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 06:27 . 2009-12-26 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 06:27 . 2009-12-26 06:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 06:27 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 05:56 . 2009-12-26 05:56 -------- d-----w- c:\program files\Trend Micro
2009-12-25 04:10 . 2009-12-25 04:10 -------- d-----w- C:\games
2009-12-24 02:57 . 2009-12-24 02:57 -------- d-----w- c:\program files\Collectorz.com
2009-12-22 20:01 . 2009-12-23 23:43 152576 ----a-w- c:\documents and settings\mdg\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-22 19:58 . 2009-12-23 23:39 79488 ----a-w- c:\documents and settings\mdg\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 23:06 . 2008-10-05 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-26 20:45 . 2006-05-16 16:01 -------- d-----w- c:\program files\McAfee.com
2009-12-26 20:44 . 2008-10-05 17:04 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-26 20:42 . 2008-10-05 17:04 -------- d-----w- c:\program files\McAfee
2009-12-24 06:50 . 2009-09-04 01:37 69 ----a-w- c:\documents and settings\mdg\jagex_runescape_preferences2.dat
2009-12-24 06:48 . 2008-07-01 17:22 39 ----a-w- c:\documents and settings\mdg\jagex_runescape_preferences.dat
2009-12-24 02:07 . 2009-07-26 18:45 -------- d-----w- c:\program files\SwiftKit
2009-12-23 23:38 . 2009-07-13 05:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-22 20:04 . 2008-12-07 16:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 19:39 . 2007-04-07 22:15 -------- d-----w- c:\program files\Java
2009-12-17 04:09 . 2006-05-19 00:41 9380 ----a-w- c:\documents and settings\mdg\Application Data\wklnhst.dat
2009-12-01 20:05 . 2008-02-16 17:01 -------- d-----w- c:\program files\Conduit
2009-11-08 19:11 . 2008-04-07 19:38 -------- d-----w- c:\program files\Windows Live
2009-10-31 20:21 . 2009-10-03 23:07 -------- d-----w- c:\program files\2speced 10.4
2009-10-29 07:45 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 17:23 . 2006-09-25 20:14 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-12 17:23 . 2006-09-25 20:14 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-12 14:32 . 2006-05-23 23:38 60648 ----a-w- c:\documents and settings\angie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 13:38 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2006-05-23 23:46 . 2006-05-23 23:46 49465 ----a-w- c:\program files\moviepass Terms.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"Update Manager"="c:\program files\Rogers\Update Manager\UpdateManager.exe" [2007-04-25 136768]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-09-14 3084288]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-25 536576]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 16:32 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"20861:TCP"= 20861:TCP:Service
"20877:TCP"= 20877:TCP:Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/9/2009 7:20 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/9/2009 7:20 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/26/2009 6:18 PM 54752]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [8/4/2008 6:55 PM 45848]
S2 gupdate1ca0e1b789c76ca;Google Update Service (gupdate1ca0e1b789c76ca);c:\program files\Google\Update\GoogleUpdate.exe [7/26/2009 1:04 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider; [x]
S2 SSPORT;SSPORT; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 gUSBSTOi;gUSBSTOi; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://searchsave.com/welcome.php?userID=1
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
AddRemove-Extensions Bundle_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 19:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-12-26 20:02:42
ComboFix-quarantined-files.txt 2009-12-27 01:02

Pre-Run: 59,191,214,080 bytes free
Post-Run: 59,682,488,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - AF0CCE656FC759DA9039424C763A815C

 

[johnb35]

Ok. I think that has fixed your problem, try running the mcafee remover again. Let us know how it goes.

 

[johnb35]

Why are you deleting your posts? You can post a fresh hijackthis log if you wish.

 

[Chris003]

sorry my computer is not showing my posts

 

[Chris003]

ok here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:26 PM, on 12/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/welcome.php?userID=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://portal.providence.on.ca/vdesk/terminal/InstallerControl.cab#version=6020,2008,1015,1912
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://portal.providence.on.ca/vdesk/terminal/urTermProxy.cab#version=6020,2008,1015,1902
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://portal.providence.on.ca/vdesk/terminal/urxhost.cab#version=6020,2008,1015,1906
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1ca0e1b789c76ca) (gupdate1ca0e1b789c76ca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11320 bytes

 

[johnb35]

Please rerun hijackthis and place a check next to these entries.

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

Then click on fix checked at the bottom. Now you should be good to go.

 

[Chris003]

ok thank you very much man!

 

[S.T.A.R.S.]

Why don't you simply delete the McAfee from its location using the Linux Ubuntu 9.04 and after that delete all its informations from the Windows registry using the REGISTRY EDITOR from Windows OS???That is much better way if you ask me.I have done it a million times...
Of course you must know what to delete from your HDD and especially what to delete from the registry otherwise you can forget about thisBut its not that hard.Spend few days to learn that and later your life will be more simple

Remember...KNOWLEDGE IS POWER!



Cheers mate!
Merry Christmas!!!

 

[Chris003]

lol thanks you too!