Welcome to MalwareRemoval.com,
Browsers Hijacked...

Post by jl43614 » November 2nd, 2009, 8:54 pm

Firefox, Safari, IE seems ok enough for now...

Thanks in advance for any help and advice:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:03 PM, on 11/2/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vphc600.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\DivX Installer\groupmanager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin600.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Safari\Safari.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [phc600] C:\Windows\vphc600.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [GroupManager] C:\Program Files\DivX Installer\groupmanager.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: TrayMin600.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13325 bytes
jl43614

Re: Browsers Hijacked...

Post by askey127 » November 5th, 2009, 7:48 pm

Hi jl43614,
You should stay off Party Poker if you value your PC, or adware may take over.
The only verified safe Poker site(s) are both Poker Stars.
Is your machine slow because of so many running startups?
-----------------------------------------------------------
Remove Programs Using Control Panel(Vista)
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Spybot S&D

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
If it asks whether you want to remove all settings, answer YES.
You can re-install it after we are through, if you wish.
-----------------------------------------------------------
Disable Windows Defender
Go to Start > All Programs > Windows Defender.
Click on the Tools menu, click General Settings, Scroll down to Real-Time Protection Options section and Deactivate the Real-Time Protection system.

Then, in the toolbar across the top there is a little down-pointing arrow next to the question mark icon.
Click on that, get a drop down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop up asking if you are sure you want to exit. Click Yes/OK.

To start it up again, go to Start > All Programs > Windows Defender and it will start running again.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT Your Machine
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Right click on RSIT.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.
askey127
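Added example, not part of this thread and not HijackThis code: a small Python parser for the HJT 2.0.2 entry lines pasted above that pulls out each entry's section, type, name and path, then flags the kinds of items a helper looks at first, as askey127 did here: entries whose file is gone ("(no file)", "(file missing)"), a service with no publisher, Winsock LSP files HJT does not recognise, and programs loading from outside Windows and Program Files. The sample lines are copied from the logs in this thread; the triage rules and the trusted-root list are the editor's own assumptions, and a flag means "look at this", not "fix it".

```python
"""Parse Trend Micro HijackThis 2.0.2 entry lines and pick out the items a
removal helper looks at first.  Added example for this thread, not HJT code
and not from the original posts; the sample lines are copied from the logs
above, the triage rules (and TRUSTED_ROOTS) are the editor's own heuristics."""
import re
from dataclasses import dataclass, field

# "O2 - BHO: name - {CLSID} - path"  (same shape for R3, O3, O9, O18)
COM_ENTRY = re.compile(
    r"^(?P<sec>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# "O23 - Service: name (svc) - publisher - path"
SVC_ENTRY = re.compile(
    r"^(?P<sec>O23) - (?P<kind>Service): (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# "O4 - HKLM\..\Run: [name] command line"
RUN_ENTRY = re.compile(
    r"^(?P<sec>O4) - (?P<kind>HK\S+?\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<path>.*)$")
# "R0 - HKCU\...\Main,Start Page = http://..."
REG_VALUE = re.compile(
    r"^(?P<sec>R\d) - (?P<kind>[^,]+),(?P<name>[^=]+?) = ?(?P<path>.*)$")
# Everything else: "O10 - Unknown file in Winsock LSP: path", "O1 - Hosts: ..."
GENERIC = re.compile(r"^(?P<sec>[RO]\d+) - (?P<kind>[^:]+): ?(?P<path>.*)$")

# Locations a program is expected to load from; an absolute path outside
# these gets a flag.  Assumption for this example, not an HJT rule.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    path: str
    owner: str = ""
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one HJT 'Rn - ' / 'On - ' line, or None."""
    line = line.strip()
    if not re.match(r"[RO]\d+ - ", line):
        return None                      # header, process list, blank line
    for rx in (COM_ENTRY, SVC_ENTRY, RUN_ENTRY, REG_VALUE, GENERIC):
        m = rx.match(line)
        if m:
            g = m.groupdict()
            return Entry(g["sec"], g["kind"].strip(), g.get("name", "").strip(),
                         g["path"].strip(), g.get("owner", "").strip())
    return None


def triage(entry):
    """Attach the reasons a helper would want a second look at this entry."""
    p = entry.path.lower()
    if "(no file)" in p or "(file missing)" in p:
        entry.flags.append("orphan: registry points at a file that is gone")
    if entry.owner.lower() == "unknown owner":
        entry.flags.append("service has no publisher string")
    if entry.section == "O10":
        entry.flags.append("Winsock LSP file not in HJT's known-good list")
    exe = p.lstrip('"')                  # O4 command lines may be quoted
    if re.match(r"[a-z]:\\", exe) and not exe.startswith(TRUSTED_ROOTS):
        entry.flags.append("loads from outside Windows / Program Files")
    return entry


def parse_log(text):
    """All entries in a pasted HJT log, in file order."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def review(text):
    """Only the entries that picked up at least one flag."""
    return [e for e in map(triage, parse_log(text)) if e.flags]


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section:4} {e.name or e.kind:45} {'; '.join(e.flags)}")
```

Run against a full pasted log; the O10 lines HJT repeats once per LSP chain position will each be flagged, so de-duplicate by path if you only want one line per file.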

Re: Browsers Hijacked...

Post by jl43614 » November 6th, 2009, 9:27 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jennifer at 2009-11-06 08:16:32
Microsoft® Windows Vista™ Home Premium
System drive C: has 157 GB (53%) free of 295 GB
Total RAM: 894 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:46 AM, on 11/6/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\vphc600.exe
C:\Program Files\DivX Installer\groupmanager.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin600.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\Jennifer\AppData\Local\Temp\hrk40d4n.tmp\RSIT.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Jennifer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [phc600] C:\Windows\vphc600.exe
O4 - HKLM\..\Run: [GroupManager] C:\Program Files\DivX Installer\groupmanager.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: TrayMin600.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8471 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{80B1681D-E9D0-4C93-94B6-7F06C37955C4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-28 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2009-03-02 591296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-07-30 909040]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-09 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Skytel"=C:\Windows\Skytel.exe [2007-03-09 1822720]
"phc600"=C:\Windows\vphc600.exe [2006-10-16 344064]
"GroupManager"=C:\Program Files\DivX Installer\groupmanager.exe [2009-04-15 32256]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-02 2028312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Auto run of VideoCam Suite 1.0.lnk - C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE
TrayMin600.exe.lnk - C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin600.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 2 months======

2009-11-06 08:16:32 ----D---- C:\rsit
2009-11-06 08:01:11 ----A---- C:\Windows\system32\tdlwsp.dll
2009-11-06 07:34:49 ----SHD---- C:\Config.Msi
2009-11-04 17:42:59 ----A---- C:\Windows\system32\mshtml.dll
2009-11-02 19:46:40 ----D---- C:\Program Files\Trend Micro
2009-10-31 23:56:36 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-10-31 23:55:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-31 18:28:37 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-10-31 18:28:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-31 12:22:58 ----D---- C:\Program Files\Common Files\ArcSoft
2009-10-31 12:22:09 ----A---- C:\Windows\system32\unicows.dll
2009-10-31 12:22:09 ----A---- C:\Windows\PCDLIB32.DLL
2009-10-31 12:18:44 ----A---- C:\Windows\system32\emVFW.dll
2009-10-31 12:18:44 ----A---- C:\Windows\system32\emUSD.dll
2009-10-31 12:18:43 ----A---- C:\Windows\system32\emYUV.dll
2009-10-31 10:13:47 ----A---- C:\Windows\system32\GEARAspi.dll
2009-10-31 10:12:27 ----D---- C:\Program Files\iPod
2009-10-31 10:12:02 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-31 10:12:02 ----D---- C:\Program Files\iTunes
2009-10-31 10:04:24 ----D---- C:\Program Files\QuickTime
2009-10-31 09:48:15 ----AD---- C:\ProgramData\TEMP
2009-10-31 02:20:04 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-31 02:20:03 ----A---- C:\Windows\system32\spwmp.dll
2009-10-31 02:20:02 ----A---- C:\Windows\system32\dxmasf.dll
2009-10-29 18:23:14 ----D---- C:\ProgramData\52978435
2009-10-28 18:30:18 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 18:29:37 ----D---- C:\ProgramData\Lavasoft
2009-10-28 18:29:37 ----D---- C:\Program Files\Lavasoft
2009-10-27 16:32:23 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 16:32:23 ----A---- C:\Windows\system32\wmp(282).dll
2009-10-27 16:32:11 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-27 16:32:11 ----A---- C:\Windows\system32\wmploc(283).DLL
2009-10-25 18:15:38 ----D---- C:\Users\Jennifer\AppData\Roaming\ArcSoft
2009-10-25 16:29:10 ----SHD---- C:\Users\Jennifer\AppData\Roaming\Windows System Defender
2009-10-25 15:38:47 ----D---- C:\Program Files\ArcSoft
2009-10-25 15:37:07 ----D---- C:\Program Files\USB_video_device
2009-10-15 13:47:15 ----A---- C:\Windows\system32\wdigest.dll
2009-10-15 13:47:15 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-15 13:47:14 ----A---- C:\Windows\system32\secur32.dll
2009-10-15 13:47:14 ----A---- C:\Windows\system32\lsass.exe
2009-10-15 13:47:14 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-15 13:47:02 ----A---- C:\Windows\system32\wininet.dll
2009-10-15 13:47:01 ----A---- C:\Windows\system32\urlmon.dll
2009-10-15 13:47:00 ----A---- C:\Windows\system32\ieframe.dll
2009-10-15 13:46:59 ----A---- C:\Windows\system32\mstime.dll
2009-10-15 13:46:59 ----A---- C:\Windows\system32\ieapfltr.dll
2009-10-15 13:46:58 ----A---- C:\Windows\system32\occache.dll
2009-10-15 13:46:58 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-15 13:46:58 ----A---- C:\Windows\system32\iertutil.dll
2009-10-15 13:46:58 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-15 13:46:58 ----A---- C:\Windows\system32\ieaksie.dll
2009-10-15 13:46:58 ----A---- C:\Windows\system32\dxtmsft.dll
2009-10-15 13:46:57 ----A---- C:\Windows\system32\mshtmled.dll
2009-10-15 13:46:57 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-15 13:46:57 ----A---- C:\Windows\system32\ieencode.dll
2009-10-15 13:46:57 ----A---- C:\Windows\system32\icardie.dll
2009-10-15 13:46:57 ----A---- C:\Windows\system32\dxtrans.dll
2009-10-15 13:46:56 ----A---- C:\Windows\system32\pngfilt.dll
2009-10-15 13:46:56 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-15 13:46:56 ----A---- C:\Windows\system32\ieui.dll
2009-10-15 13:46:56 ----A---- C:\Windows\system32\iesetup.dll
2009-10-15 13:46:56 ----A---- C:\Windows\system32\iernonce.dll
2009-10-15 13:46:56 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-15 13:46:56 ----A---- C:\Windows\system32\advpack.dll
2009-10-15 13:46:56 ----A---- C:\Windows\system32\admparse.dll
2009-10-15 13:46:55 ----A---- C:\Windows\system32\mshtmler.dll
2009-10-15 13:46:55 ----A---- C:\Windows\system32\ieakui.dll
2009-10-15 13:46:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-15 13:46:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-15 13:46:17 ----A---- C:\Windows\system32\psisdecd.dll
2009-10-15 13:46:17 ----A---- C:\Windows\system32\EncDec.dll
2009-10-15 13:46:14 ----A---- C:\Windows\system32\mcmde.dll
2009-10-15 13:45:55 ----A---- C:\Windows\system32\msasn1.dll
2009-10-15 13:45:48 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-14 19:11:33 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-10-14 19:11:33 ----A---- C:\Windows\system32\x3daudio1_2.dll
2009-10-14 19:11:30 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-10-14 19:11:30 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-10-14 19:11:26 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-10-14 19:11:24 ----A---- C:\Windows\system32\xinput1_3.dll
2009-10-07 18:57:40 ----D---- C:\Users\Jennifer\AppData\Roaming\SLiteChat
2009-10-07 18:53:35 ----D---- C:\Program Files\Dooglio.NET
2009-10-03 23:42:49 ----D---- C:\Program Files\Microsoft
2009-10-03 11:20:10 ----A---- C:\Windows\system32\wups2.dll
2009-10-03 11:20:10 ----A---- C:\Windows\system32\wucltux.dll
2009-10-03 11:20:10 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-03 11:20:09 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-03 11:19:24 ----A---- C:\Windows\system32\wups.dll
2009-10-03 11:19:24 ----A---- C:\Windows\system32\wudriver.dll
2009-10-03 11:19:24 ----A---- C:\Windows\system32\wuapi.dll
2009-10-03 11:18:35 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-03 11:18:35 ----A---- C:\Windows\system32\wuapp.exe
2009-10-02 16:34:13 ----A---- C:\Windows\system32\MpSigStub.exe
2009-09-09 18:38:47 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 18:38:45 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-09 18:38:44 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 18:38:44 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 18:38:44 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 18:38:44 ----A---- C:\Windows\system32\netiougc.exe
2009-09-09 18:38:44 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 18:38:44 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 18:38:44 ----A---- C:\Windows\system32\finger.exe
2009-09-09 18:38:44 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 18:38:43 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 18:37:18 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 18:37:18 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 18:37:18 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 18:37:18 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-09 18:37:18 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 18:37:18 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 18:37:12 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 18:37:11 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-09 18:37:11 ----A---- C:\Windows\system32\mfps.dll
2009-09-09 18:37:11 ----A---- C:\Windows\system32\mf.dll
2009-09-09 18:37:10 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-09 18:37:10 ----A---- C:\Windows\system32\mferror.dll
2009-09-09 18:35:36 ----A---- C:\Windows\system32\jscript.dll
2009-09-08 16:32:30 ----D---- C:\89f1cda1df57308b3f86
2009-09-08 05:49:01 ----D---- C:\Program Files\MSXML 4.0

======List of files/folders modified in the last 2 months======

2009-11-06 08:16:36 ----D---- C:\Windows\Temp
2009-11-06 08:15:03 ----D---- C:\Windows\Tasks
2009-11-06 08:10:19 ----D---- C:\Windows\System32
2009-11-06 08:10:19 ----D---- C:\Windows\inf
2009-11-06 08:10:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-06 07:55:48 ----D---- C:\Windows\system32\drivers
2009-11-06 07:53:29 ----SHD---- C:\System Volume Information
2009-11-06 07:52:54 ----HD---- C:\$AVG8.VAULT$
2009-11-06 07:42:38 ----RD---- C:\Program Files
2009-11-06 07:41:58 ----SHD---- C:\Windows\Installer
2009-11-06 07:41:21 ----D---- C:\Windows\Prefetch
2009-11-06 07:41:18 ----D---- C:\Program Files\DivX
2009-11-06 07:38:31 ----D---- C:\Program Files\Common Files\AVSMedia
2009-11-06 07:38:28 ----D---- C:\Program Files\AVS4YOU
2009-11-06 07:35:23 ----D---- C:\Program Files\Common Files
2009-11-06 03:02:13 ----D---- C:\Windows\winsxs
2009-11-05 20:36:07 ----D---- C:\ProgramData\Google Updater
2009-11-05 20:36:02 ----D---- C:\Windows\system32\Tasks
2009-11-05 03:20:04 ----HD---- C:\ProgramData
2009-11-05 03:20:04 ----D---- C:\WINDOWS
2009-11-05 03:18:38 ----D---- C:\Windows\system32\catroot2
2009-11-05 03:11:17 ----D---- C:\Users\Jennifer\AppData\Roaming\Skype
2009-11-05 03:00:20 ----D---- C:\Users\Jennifer\AppData\Roaming\skypePM
2009-11-04 17:55:09 ----D---- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org2
2009-11-04 17:41:16 ----D---- C:\Windows\system32\catroot
2009-11-01 11:44:52 ----D---- C:\Program Files\Mozilla Firefox
2009-11-01 11:44:48 ----D---- C:\Users\Jennifer\AppData\Roaming\Mozilla
2009-11-01 11:41:30 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-11-01 11:39:48 ----D---- C:\Program Files\PokerStars
2009-11-01 11:39:33 ----D---- C:\Program Files\PokerStars.NET
2009-11-01 09:55:25 ----D---- C:\Windows\system32\en-US
2009-11-01 09:55:12 ----D---- C:\Program Files\Windows Media Player
2009-11-01 09:50:13 ----D---- C:\Program Files\Media Catalog Studio
2009-10-31 20:53:01 ----D---- C:\Users\Jennifer\AppData\Roaming\Apple Computer
2009-10-31 12:30:50 ----D---- C:\Windows\twain_32
2009-10-31 10:13:46 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-31 10:12:26 ----D---- C:\Program Files\Common Files\Apple
2009-10-31 09:38:43 ----D---- C:\Program Files\Safari
2009-10-31 02:05:24 ----D---- C:\Windows\system32\wbem
2009-10-31 02:04:16 ----D---- C:\Windows\system32\config
2009-10-31 02:03:32 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-31 02:03:31 ----D---- C:\Windows\system32\spool
2009-10-31 02:03:31 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-31 02:03:25 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-31 02:03:19 ----D---- C:\Windows\registration
2009-10-31 01:50:56 ----D---- C:\Windows\Logs
2009-10-28 18:39:14 ----D---- C:\Program Files\Google
2009-10-25 15:49:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-24 16:55:59 ----D---- C:\Program Files\Graboid
2009-10-16 19:41:30 ----D---- C:\Program Files\PKR
2009-10-16 06:09:53 ----D---- C:\Windows\Microsoft.NET
2009-10-16 06:09:46 ----RSD---- C:\Windows\assembly
2009-10-16 05:46:49 ----D---- C:\Windows\system32\migration
2009-10-16 05:46:49 ----D---- C:\Program Files\Internet Explorer
2009-10-16 05:46:45 ----D---- C:\Windows\AppPatch
2009-10-16 05:46:42 ----D---- C:\Program Files\Windows Mail
2009-10-16 05:46:41 ----D---- C:\Windows\ehome
2009-10-11 10:23:53 ----D---- C:\ProgramData\Yahoo! Companion
2009-10-11 10:05:57 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-02 13:01:57 ----A---- C:\Windows\system32\mrt.exe
2009-09-10 02:20:08 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-06-12 108552]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
R3 DCamUSBEMPIA;USB 2861 Video; C:\Windows\system32\DRIVERS\emDevice.sys [2007-06-21 171136]
R3 emAudio;USB EMP Audio Device; C:\Windows\system32\drivers\emAudio.sys [2007-01-12 22912]
R3 FiltUSBEMPIA;USB Device Lower Filter; C:\Windows\system32\DRIVERS\emFilter.sys [2007-06-21 5248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 phc600;USB PC Camera (SPC600NC); C:\Windows\system32\DRIVERS\phc600.sys [2006-10-16 422144]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-08 67072]
R3 ScanUSBEMPIA;USB Still Image Capture Device; C:\Windows\system32\DRIVERS\emScan.sys [2007-06-21 5120]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2007-03-05 71552]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
S3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\Windows\system32\DRIVERS\splitcam.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-29 610304]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-28 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\System32\bgsvcgen.exe [2007-06-15 145504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-12-09 65536]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------
jl43614
Active Member
Posts: 7
Joined: November 2nd, 2009, 8:50 pm

Re: Browsers Hijacked...

Post by jl43614 » November 6th, 2009, 9:29 am

info.txt logfile of random's system information tool 1.06 2009-11-06 08:16:51

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft MediaConverter 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A72FC039-FE41-4BAD-B36E-64368EC54B54}\Setup.exe" -l0x9
ArcSoft ShowBiz DVD 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9FC434F-9950-487C-82F1-E1515FA70DA4}\Setup.exe" -l0x9
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Before You Know It 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6521E5-48F9-4E73-BC9C-CF609FA43BA5}\Setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
GIMPshop 2.2.8-->C:\Program Files\GIMPshop\bin\uninst.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
Media Catalog Studio 5.9-->"C:\Program Files\Media Catalog Studio\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Motorola Driver Installation 3.2.0-->MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{f1861f30-3419-44db-b2a1-c274825698b3}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode CE-->C:\Windows\UNRecode.exe /UNINSTALL
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SLiteChat SLiteChat for Windows-->C:\Program Files\Dooglio.NET\SLiteChat\Uninstall.exe
SoftThinks Recovery Center Installer-->MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
SPC 600NC PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A7927AE-0E32-4AA7-A205-9E1DDB4D8AB3}\Setup.exe" -l0x9
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB Audio/Video Driver-->C:\Program Files\InstallShield Installation Information\{CFB75739-90E3-4D26-83B5-25CA8262A991}\setup.exe -runfromtemp -l0x0009 -removeonly
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoCam Suite 1.0-->C:\Program Files\InstallShield Installation Information\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}\setup.exe -runfromtemp -l0x0009 -removeonly
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-11-06]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2009-11-06]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-11-06]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2009-11-06]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing) [2009-11-06]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe [2009-11-06]
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing) [2009-11-06]

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

======System event log======

Computer Name: Jennifer-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.
Record Number: 106039
Source Name: ACPI
Time Written: 20091106124526.952402-000
Event Type: Error
User:

Computer Name: Jennifer-PC
Event Code: 1008
Message: Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=143471
Scan ID: {558FD4EB-4405-490B-BD05-6845A3F48958}
Scan Type: AntiMalware
User: Jennifer-PC\Jennifer
Name: Trojan:Win32/Alureon.gen!U
ID: 143471
Severity ID: 5
Category ID: 8
Path:
Action: Remove
Error Code: 0x80508022
Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
Record Number: 106143
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20091106125335.000000-000
Event Type: Error
User:

Computer Name: Jennifer-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.
Record Number: 106155
Source Name: ACPI
Time Written: 20091106125527.952402-000
Event Type: Error
User:

Computer Name: Jennifer-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.
Record Number: 106270
Source Name: ACPI
Time Written: 20091106130458.952402-000
Event Type: Error
User:

Computer Name: Jennifer-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.
Record Number: 106386
Source Name: ACPI
Time Written: 20091106131142.952402-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Jennifer-PC
Event Code: 1000
Message: Faulting application Picasa3.exe, version 3.1.71.43, time stamp 0x49fb418a, faulting module RPCRT4.dll, version 6.0.6000.16850, time stamp 0x49f066bd, exception code 0xc0000005, fault offset 0x000b2d54, process id 0xb80, application start time 0x01ca5e85c499ede0.
Record Number: 15158
Source Name: Application Error
Time Written: 20091106021840.000000-000
Event Type: Error
User:

Computer Name: Jennifer-PC
Event Code: 10010
Message: Application 'C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe' (pid 3216) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 15171
Source Name: Microsoft-Windows-RestartManager
Time Written: 20091106123447.602600-000
Event Type: Warning
User: Jennifer-PC\Jennifer

Computer Name: Jennifer-PC
Event Code: 10010
Message: Application 'C:\WINDOWS\explorer.exe' (pid 264) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 15172
Source Name: Microsoft-Windows-RestartManager
Time Written: 20091106123447.618200-000
Event Type: Warning
User: Jennifer-PC\Jennifer

Computer Name: Jennifer-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-475886384-2983968353-1077306593-1000:
Process 4948 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-475886384-2983968353-1077306593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 4948 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-475886384-2983968353-1077306593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Record Number: 15198
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091106124422.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jennifer-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5aff9b3b-79db-41a8-9a8f-26bce6d13c84}
Record Number: 15227
Source Name: VSS
Time Written: 20091106125306.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Jennifer-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: JENNIFER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Jennifer
Account Domain: Jennifer-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2a8
Process Name: C:\WINDOWS\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 35899
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091106131249.996095-000
Event Type: Audit Success
User:

Computer Name: Jennifer-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: JENNIFER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-475886384-2983968353-1077306593-1000
Account Name: Jennifer
Account Domain: Jennifer-PC
Logon ID: 0x512ad
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a8
Process Name: C:\WINDOWS\System32\winlogon.exe

Network Information:
Workstation Name: JENNIFER-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 35900
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091106131249.996095-000
Event Type: Audit Success
User:

Computer Name: Jennifer-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: JENNIFER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-475886384-2983968353-1077306593-1000
Account Name: Jennifer
Account Domain: Jennifer-PC
Logon ID: 0x512cc
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a8
Process Name: C:\WINDOWS\System32\winlogon.exe

Network Information:
Workstation Name: JENNIFER-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 35901
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091106131249.996095-000
Event Type: Audit Success
User:

Computer Name: Jennifer-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-475886384-2983968353-1077306593-1000
Account Name: Jennifer
Account Domain: Jennifer-PC
Logon ID: 0x512ad

Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
Record Number: 35902
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091106131249.996095-000
Event Type: Audit Success
User:

Computer Name: Jennifer-PC
Event Code: 4625
Message: An account failed to log on.

Subject:
Security ID: S-1-5-21-475886384-2983968353-1077306593-1000
Account Name: Jennifer
Account Domain: Jennifer-PC
Logon ID: 0x512cc

Logon Type: 4

Account For Which Logon Failed:
Security ID: S-1-0-0
Account Name: Jennifer
Account Domain:

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a

Process Information:
Caller Process ID: 0xd84
Caller Process Name: C:\WINDOWS\System32\wpcumi.exe

Network Information:
Workstation Name: JENNIFER-PC
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 35903
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091106131312.801295-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\jZip;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
jl43614
Active Member
 
Posts: 7
Joined: November 2nd, 2009, 8:50 pm

Re: Browsers Hijacked...

Unread postby askey127 » November 6th, 2009, 10:51 am

jl43614,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Adobe Reader 8.1.3

(Unless you use AOL, you should also get rid of Bonjour)
-----------------------------------------------------------
REBOOT Your Machine
---------------------------------------------
Run CKScanner
Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
------------------------------------------------
Run RootRepeal
Download RootRepeal.zip from here & unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
      Files
      Processes
      SSDT
      Stealth Objects
      Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File then Exit to close the program

Please post the log from CKScanner and the contents of RootRepeal.txt from your desktop.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browsers Hijacked...

Unread postby jl43614 » November 6th, 2009, 1:20 pm

askey127,

Thank you for your continued assistance and efforts,

I was able to remove those programs and run CKScanner, but RootRepeal gives me an FOPS error and will not run. I tried downloading it from some mirror sites and kept getting the same error. Here is the text from the CKScanner...

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimpshop\bin\share\gimp\2.0\patterns\cracked.pat
c:\program files\gimpshop\share\gimp\2.0\patterns\cracked.pat
c:\programs\partygaming\partycasino\language\en_us\images\games\cardgames\blackjack\bjbar_safecrackerkeno_icon.jpg
scanner sequence 3.CP.11
----- EOF -----
jl43614
Active Member
 
Posts: 7
Joined: November 2nd, 2009, 8:50 pm

Re: Browsers Hijacked...

Unread postby askey127 » November 6th, 2009, 3:54 pm

jl43614,
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents. The logs are listed and named by time/date stamp.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browsers Hijacked...

Unread postby jl43614 » November 6th, 2009, 7:14 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3113
Windows 6.0.6000

11/6/2009 6:05:33 PM
mbam-log-2009-11-06 (18-05-33).txt

Scan type: Quick Scan
Objects scanned: 98776
Time elapsed: 12 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 560

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\52978435 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Roaming\Windows System Defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\waos.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wcwy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wdif.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pstv.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ptqy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pved.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pwrb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pxfd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pxko.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qaew.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qcao.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\imvj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\inaj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iohm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ipci.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iqln.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iqsv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xwef.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xysq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xysv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ychr.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ycsg.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ydkr.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yqba.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yqcu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yqgy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yqot.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yqsv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yrsi.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yrxd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ytqa.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ytsv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mxup.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\myrv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nbbh.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ncvb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ndme.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nvdw.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nvjg.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nwcm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tyoh.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tytw.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uasd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ubjy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\elti.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eltm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eobj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eocm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eooq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jjqw.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jkqd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jlwu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jpav.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ovej.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\owey.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oxhe.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oybq.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oyme.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pban.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pekg.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\utpy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uujq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uxnr.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\htoa.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hudy.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\humo.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hurd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\huwc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hvdj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hwrj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hwxr.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cyaq.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cycl.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dbxp.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dctc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\refx.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rell.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rfid.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rkms.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rkvu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rkwx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bsor.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\btko.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\btvv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rtqi.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rtxa.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ruch.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rupk.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ruti.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rvfs.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rvhr.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rwgj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rxgi.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gtnf.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gtri.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gxgt.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gypo.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\haao.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xcxa.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xeht.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xgch.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xgxr.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xhfo.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xirv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xjny.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xjrf.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sxbc.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tdkn.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ukrw.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vwpw.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xqbo.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ydxr.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yjmx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yppa.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ditj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dkpt.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dmgq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dofa.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eggo.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\aajv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\abbs.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\acrs.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\adre.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\aejm.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\aepd.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\afjx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\afqi.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\afsj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gfsa.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gjqd.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\arel.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\asqk.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\atjs.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\atuy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\auhm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\auti.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\auys.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wfjd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\whlu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lyac.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lyxg.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\maxb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\maxi.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mayr.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mdku.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\megv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mgjd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pmjx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pnca.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pnjm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pnpi.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ppcd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\prfy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\prqu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\prye.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qeij.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qffx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qfyx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qgew.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qiml.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qkoo.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qkvd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qlkd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vmxp.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\volg.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vorx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vqmj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vqpv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vquj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vtrm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vuim.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vwej.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sycf.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sylu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tcoy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tcsq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cjwx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ckkj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\clma.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\clvn.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cnnt.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cocg.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kfdf.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kfdr.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\khov.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kjdp.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kjec.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kjwi.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hagu.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jrud.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lkny.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bhob.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\biyj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bjfn.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bjlp.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bjsk.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bkhi.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bkmc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ijnl.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iklb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fpat.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fphq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\frtl.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ftcv.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fupc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fvck.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kpnp.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kqbd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kqjn.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kume.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kusf.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiuv.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oixk.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiyd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\olis.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oltn.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\olvq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\omts.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sgpw.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\shnh.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\show.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\shry.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lehj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lfgm.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ljer.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ljmi.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ivfy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iwde.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iwov.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iwxg.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iwye.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ixix.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yxet.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yxgc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yxra.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yyce.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yypg.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yyrj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jfar.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jffh.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jght.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jhjh.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jhjy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jhnx.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jina.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jite.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jiyv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jjcl.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jjfb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ulio.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\unoq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uoeh.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uqmj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\urio.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\usiu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fcte.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fdrc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fgbs.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ddif.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ddkr.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xqfx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xrbc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xrer.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xskb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xsod.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xtjp.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xtmu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xvck.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qwhs.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qxbv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qxqe.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qxti.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qymd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rasy.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ravr.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mtth.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mwvb.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mwyh.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yjrm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yjug.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ymdv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ymwq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yncy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\youd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ypkm.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ngpj.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nguk.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nqwi.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nrlx.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\epqc.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eqbs.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eqfg.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\esjp.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eslo.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\espd.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wxis.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wxxm.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wyuf.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xbek.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xbev.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hapk.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hauh.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hcbq.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hcqn.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vcgs.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\veon.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bvti.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bvxf.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\byvi.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ucdy.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ucxu.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\udar.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\udri.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ueso.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\trel.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\trvp.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tsir.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tsqv.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ttct.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tvwi.tmp (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\twhe.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Jennifer\AppData\Roaming\Windows System Defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bnbj.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bnmb.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\DivX Installer\groupmanager.exe (Backdoor.Bot) -> Delete on reboot.
jl43614
Active Member
 
Posts: 7
Joined: November 2nd, 2009, 8:50 pm

Re: Browsers Hijacked...

Unread postby askey127 » November 6th, 2009, 8:08 pm

jl43614,
Because the Malwarebytes Anti-Malware application found a "backdoor" trojan horse, I feel obligated to follow through with the following information:
-----------------------------------------------------------
Unfortunately, you have had a very dangerous infection, with "backdoor" capabilities.
This can give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.
The SAFEST advice is to do the following :
  • Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.
Because of the infection's backdoor functionality (i.e., remote control capability), the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned". (This type of infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).

These infections are serious enough that removing them without damaging the Windows System is no sure thing. This is your choice to make.
The following articles may be of assistance in your decision: Should you have any questions, please feel free to ask.

If you read the above, and still decide you want to proceed with cleaning it, please do as follows:
------------------------------------------------------------
Download the latest version of Java Runtime Environment here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
Scroll down - It is currently the 5th item on the page (the page changes often), called JRE 6 Update 17
Select Windows and multi-language, and check to agree to the license.
Choose Windows Offline installation version.
Download it, choose Save, and save it to your desktop.
Then doubleclick it, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.
askey127
Re: Browsers Hijacked...

Unread postby jl43614 » November 6th, 2009, 8:55 pm

Ok, backing up my data now. I am working on changing my passwords from a different location. I checked my bank account, etc. and it appears that they have not been compromised, but changed passwords, etc. from different machine.

A few questions if you do not mind...

~How can I prevent this from happening again? I have AVG running constantly and a password protected firewall. I use Firefox or Safari.

~Once I format and reinstall Windows, is there anything else I should install to ensure that my computer will be safe from an infection from that point?
jl43614

Re: Browsers Hijacked...

Unread postby askey127 » November 7th, 2009, 4:47 pm

jl43614,
1) You should have one name brand AntiVirus, up to date.
AVG is OK for a free one. I use the paid version of Avira Antivir. (about $26 USD/year)

2) For an AntiSpyware, I would recommend the paid version of Malwarebytes Anti-Malware. $26 USD lifetime. http://www.malwarebytes.org/mbam-download.php

3) Winpatrol :
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.
4) Replace the "Standard" Empty HOSTS File with MVPs
Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
  • In the bottom half of the left pane, click on File Handling
  • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
  • Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
  • Click on the top button labeled MVPs Hosts and choose Replace
  • When asked to verify if you want to Replace present Hosts file, click OK.
  • When it finishes, click on File Handling again.
  • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
  • Hit the X in the upper right corner to exit HostsXpert
If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

5) Once you re-install, go immediately to Microsoft Windows Update and let the machine install all updates. Don't surf before you do.

These things should put your security in good condition. Only ONE antivirus and ONE antispyware at a time.
askey127
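A defender's check for step 4, added here and not part of the thread, of HostsXpert or of the MVPs list: it parses a HOSTS file in the MVPs layout and separates legitimate sinkhole entries (names sent to 0.0.0.0 or 127.0.0.1) from names redirected to routable addresses, which is the pattern seen when a HOSTS file has itself been hijacked. The sample file content and its domain names are constructed.

```python
import ipaddress

# Addresses a blocking HOSTS list (such as MVPs) legitimately maps hosts to.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample in MVPs layout; the domain names are placeholders.
SAMPLE_HOSTS = """\
# MVPS HOSTS file (constructed sample, not the real list)
127.0.0.1  localhost
0.0.0.0  ads.example-tracker.test   # blocked ad server
0.0.0.0  www.example-spyware.test cdn.example-spyware.test
198.51.100.7  update.example-antivirus.test   # real IP, not a sinkhole
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and bad lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, ignore line
        for name in fields[1:]:               # one IP may carry several names
            entries.append((str(ip), name.lower()))
    return entries


def audit_hosts(text):
    """Split entries into sinkholed names and redirects that need review."""
    # A name pointed at a routable address instead of a sinkhole is the
    # classic sign of a hijacked HOSTS file (e.g. vendor sites sent elsewhere).
    blocked, redirects = [], []
    for ip, name in parse_hosts(text):
        if ip in SINKHOLES:
            if name != "localhost":
                blocked.append(name)
        else:
            redirects.append((name, ip))
    return {"blocked": blocked, "redirects": redirects}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "hosts sinkholed")
    for name, ip in report["redirects"]:
        print("REVIEW:", name, "->", ip)
```

On a real machine, read C:\Windows\System32\drivers\etc\hosts into the text argument; any entry listed under "redirects" deserves a look before trusting the file.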

Re: Browsers Hijacked...

Unread postby jl43614 » November 8th, 2009, 2:17 am

askey127

It's been a LONG day, but I have everything working very well now.

Thank you again for all of your help and recommendations!
jl43614

Re: Browsers Hijacked...

Unread postby askey127 » November 8th, 2009, 7:50 am

This topic is now closed
We are pleased to have been some help in cleaning your computer.

If you wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
askey127