Infected by "Security Center"


Post by tenshimitsuki on Mon Jan 18, 2010 9:01 am

Hi. I've been infected by "Security Center". The main symptoms are "warning signs" popping out of nowhere (every 10 sec or so) from the security center claiming that my computer is infected, random flashes of light appearing on the screen (color varies though), and weird "disconnecting sounds" coming out of my speaker. Unlike before, when I did the quick scan it did not remove most of the viruses available. It mostly removes around 0-200 viruses while the full scan could remove up to 3000. I've tried removing it countless times with Malwarebytes but it doesn't seem to work. Here's the hijack info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:32 AM, on 1/18/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
C:\Program Files (x86)\PPLiveVA\PPLiveVA.exe
C:\ProgramData\PPLiveVA\Application\PPAP.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\cbdgg1vseck6.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd.exe
C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\McAfee\MSC\mcshell.exe
c:\PROGRA~2\mcafee\VIRUSS~1\mcvsshld.exe
C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PPLive\PPLive.exe
C:\Users\Teresa Shaw\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files (x86)\PPLiveVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files (x86)\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files (x86)\Acer Assist\launcher.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cbdgg1vseck6] C:\Windows\SysWOW64\cbdgg1vseck6.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Teresa Shaw\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [googletalk] C:\Users\Teresa Shaw\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [PPLive] "C:\Program Files (x86)\PPLive\PPLive.exe" /LoadModule ppvod.dll
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files (x86)\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [PPAP] C:\ProgramData\PPLiveVA\Application\PPAP.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SecurityCenter] C:\Windows\SysWOW64\cbdgg1vseck6.exe
O4 - HKCU\..\Run: [cbdgg1vseck6] C:\Users\Teresa Shaw\AppData\Roaming\cbdgg1vseck6.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PPLive.lnk = C:\Program Files (x86)\PPLive\PPLive.exe
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files (x86)\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Please help me.

Some random info:
Most of the Rogue files are found in this "Local/Temp" folder or something like that (over 3000 or so) and all of them are "Rogue Installation" if I remember correctly.
This is the second time I've been infected by this, the last time was 2 days ago. 2 days ago I was able to delete it successfully but I can't seem to do so much this time.
Also, after an hour of scanning, my computer will automatically shut down for some reason so it's hard to do a complete "full scan". I've aborted it a few times when I think it removed most of it but I've only done a complete full scan once. For that one time, the virus wasn't running at all for some reason....

Thanks for your help in advance.


Last edited by tenshimitsuki on Mon Jan 18, 2010 7:19 pm; edited 1 time in total (Reason for editing : Forgot to add some information.)


Re: Infected by "Security Center"

Post by tenshimitsuki on Mon Jan 18, 2010 8:54 pm

Oh, here's the MBAM log if it's needed:

Malwarebytes' Anti-Malware 1.44
Database version: 3573
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/18/2010 12:43:36 PM
mbam-log-2010-01-18 (12-43-34).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|L:\|)
Objects scanned: 131202
Time elapsed: 35 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2929

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Teresa Shaw\AppData\Local\Temp\1BF5.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1C0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1C25.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1C3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1C6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1C75.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1CB1.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1CC6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1CD7.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1CE8.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1CF0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1D15.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1D19.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1D3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1D87.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1D9B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1DA1.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1DBC.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1DDE.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1DEC.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1E23.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1E27.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1E39.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1E4F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1E5A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1E9B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1EA3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1EBA.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1EDF.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1EF5.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1EF9.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F05.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F10.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F19.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F27.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F30.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F32.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F5C.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F62.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F68.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F77.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1F99.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FA0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FA3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FB0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FC.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FD.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FDE.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FEC.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FF3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FF6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\1FFC.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\200B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\201F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2079.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\208B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\20BF.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\20D7.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\20F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\20FC.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\211B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\212F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\213C.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2183.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\218E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2193.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\219D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\21A2.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\21B7.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\21C3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\21E4.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2202.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\221E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\224.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2249.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\224C.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2265.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\226E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2270.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\22A2.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\22C1.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2300.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\230C.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\230F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2314.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\232A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\233D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2355.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2358.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\236F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2382.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2387.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\23A6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\23B0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\23D6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\23DB.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\23FD.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2403.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2409.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\249D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\24A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\24A1.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\24DE.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2513.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2522.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2529.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2531.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2545.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\256F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\259A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\25A3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\25B8.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\25C0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\25D9.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\25EB.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\25ED.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\260.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2614.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2618.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2625.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2634.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2638.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2650.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2682.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2699.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\26A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\26A2.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\26A4.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\26D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\26D7.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\271.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2716.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2722.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2731.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2759.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2763.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\276E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2795.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2798.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\279A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\27AD.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\27AE.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\27D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\27DD.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\27E2.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\27F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2804.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2809.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2810.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2828.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\286A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\287E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\28A8.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\28AC.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\28F4.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2919.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2938.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2939.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2947.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\295B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\298B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\299A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\29BA.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\29BF.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\29C6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\29F3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\29FF.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2A01.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2A2D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2A3E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2A47.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2A5E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2A98.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2ABA.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2AC5.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2AE6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2AED.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2AFD.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B1C.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B32.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B38.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B47.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B7.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B70.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B74.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2B79.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2BAB.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2BBE.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2BC3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2BC4.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2BD0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2BD9.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2BF3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2C0A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2C0E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2C10.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2C3E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2C4E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2C74.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2C80.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2CA4.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2CDD.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2D0A.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2D1.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2D28.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2D3E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2D3F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2D72.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2D9.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2DC0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2DE5.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E06.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E09.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E17.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E4.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E52.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E54.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E5D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E74.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2E7F.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2ED0.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2EED.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F03.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F04.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F05.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F1C.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F32.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F42.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F48.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F4E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F5D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F61.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F8B.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2F95.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2FA3.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2FA4.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Teresa Shaw\AppData\Local\Temp\2FB1.tmp (Rogue.Installer) -> Quarantined and deleted successfully.

And there's more, but I had to cut it out. The rest is similar to this, though.


Re: Infected by "Security Center"

Post by Belahzur on Mon Jan 18, 2010 10:11 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Infected by "Security Center"

Post by tenshimitsuki on Mon Jan 18, 2010 10:32 pm

I tried running the scan from OTL but it stopped halfway.

Here's the message: "Cannot open file C:\Users\Teresa Shaw\AppData\Roaming\Mozilla\FireFox\44fkey1z.default\perfs.js"

The reason for this might be because on Friday, when I first got this virus, I tried to uninstall Firefox. I deleted the browser but I can't seem to uninstall Firefox for some reason. (When I click "Uninstall", it'll just pause for a while and nothing will open.)

[edit] After I checked what that file was, apparently they said I could open it because another process is currently using it. (Error quote: "Loading script "C:\Users\Teresa Shaw\AppData\Roaming\Mozilla\FireFox\44fkey1z.default\perfs.js" failed (The process cannot access the file because it is being used by another process)".)

So how could I run the scan properly?

[Edit]: Solved. I'll post the results soon.


Re: Infected by "Security Center"

Post by tenshimitsuki on Tue Jan 19, 2010 12:28 am

OTL.txt

OTL logfile created on: 1/18/2010 4:06:26 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Teresa Shaw\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293.33 Gb Total Space | 22.13 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive D: | 293.08 Gb Total Space | 289.73 Gb Free Space | 98.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERESA
Current User Name: Teresa Shaw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/18 14:13:32 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa Shaw\Desktop\OTL.exe
PRC - [2010/01/16 10:00:22 | 00,391,680 | ---- | M] () -- C:\Windows\SysWOW64\cbdgg1vseck6.exe
PRC - [2009/12/23 11:18:18 | 02,642,168 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/12/09 15:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/11/12 02:35:50 | 00,165,280 | ---- | M] ( ) -- C:\Program Files (x86)\PPLive\PPLive.exe
PRC - [2009/10/31 20:56:00 | 02,923,192 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/18 22:07:36 | 00,181,704 | ---- | M] (Synacast) -- C:\ProgramData\PPLiveVA\Application\PPAP.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/01 08:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/09 00:48:00 | 00,208,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2009/01/20 01:18:49 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/01/17 13:25:49 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/03/04 22:38:34 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/04 22:38:30 | 00,454,704 | ---- | M] (Egis inc.) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
PRC - [2008/01/25 17:49:04 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007/12/01 16:38:16 | 00,038,400 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
PRC - [2007/12/01 15:40:12 | 00,483,144 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
PRC - [2007/07/12 15:36:12 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 15:36:10 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2007/01/17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/07/19 10:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2003/07/07 01:20:40 | 00,233,472 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/06/26 18:50:24 | 00,212,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/06/25 11:24:48 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd.exe


========== Modules (SafeList) ==========

MOD - [2010/01/18 14:13:32 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa Shaw\Desktop\OTL.exe
MOD - [2009/03/11 19:11:16 | 00,014,032 | ---- | M] () -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/20 18:50:03 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/12 16:33:14 | 00,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2009/09/16 10:23:32 | 00,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/09/16 09:15:32 | 00,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2008/01/20 18:50:24 | 00,027,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 18:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/12/08 14:25:28 | 00,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/21 16:20:05 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/27 10:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/03/04 22:38:34 | 00,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/25 17:49:04 | 00,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/12/19 17:09:22 | 00,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/17 09:38:20 | 00,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/10 14:28:18 | 00,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/07/12 15:36:12 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/07/19 10:36:58 | 00,262,247 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/16 09:22:40 | 00,308,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 09:22:40 | 00,102,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 09:22:40 | 00,049,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 09:15:38 | 00,040,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/28 19:42:52 | 00,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/05 23:24:16 | 00,061,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/06/06 21:46:41 | 00,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 14:17:08 | 00,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/09 13:23:02 | 00,176,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/02/24 17:35:44 | 00,255,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/03/04 22:39:22 | 00,060,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008/03/04 22:39:22 | 00,021,040 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008/03/04 22:39:20 | 00,022,064 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2007/09/12 23:27:10 | 07,041,312 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/12 00:35:44 | 00,381,976 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2007/04/12 21:22:50 | 00,324,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2006/11/01 21:28:10 | 00,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2008/12/30 22:53:41 | 00,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\AFS.SYS -- (AFS)
DRV - [2007/12/13 02:07:34 | 00,003,481 | ---- | M] () [File_System | Boot | Running] -- C:\Acer\Empowering Technology\eDataSecurity\PSDFilter.inf -- (PSDFilter)
DRV - [2007/12/13 02:07:34 | 00,003,460 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\PSDNserv.inf -- (PSDNServ)
DRV - [2007/12/13 02:07:34 | 00,003,459 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\PSDVDisk.inf -- (psdvdisk)
DRV - [2006/10/04 11:45:16 | 00,015,656 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/09/18 13:36:40 | 00,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2005/01/04 01:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/01/15 17:34:29 | 00,000,000 | ---D | M]

[2010/01/18 16:03:38 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 13:37:24 | 00,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files (x86)\PPLiveVA\DownloaderManager.dll (Synacast)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cbdgg1vseck6] C:\Windows\SysWOW64\cbdgg1vseck6.exe ()
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files (x86)\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O4 - HKCU..\Run: [cbdgg1vseck6] C:\Users\Teresa Shaw\AppData\Roaming\cbdgg1vseck6.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [Google Update] C:\Users\Teresa Shaw\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Teresa Shaw\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PPAP] C:\ProgramData\PPLiveVA\Application\PPAP.exe (Synacast)
O4 - HKCU..\Run: [PPLive] C:\Program Files (x86)\PPLive\PPLive.exe ( )
O4 - HKCU..\Run: [PPLiveVA] File not found
O4 - HKCU..\Run: [SecurityCenter] C:\Windows\SysWOW64\cbdgg1vseck6.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Teresa Shaw\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Teresa Shaw\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{21b8b9eb-d773-11dd-bd0d-00219723cbe1}\Shell\AutoRun\command - "" = m9ma.exe
O33 - MountPoints2\{21b8b9eb-d773-11dd-bd0d-00219723cbe1}\Shell\explore\Command - "" = m9ma.exe
O33 - MountPoints2\{21b8b9eb-d773-11dd-bd0d-00219723cbe1}\Shell\open\Command - "" = m9ma.exe
O33 - MountPoints2\{cabbc036-216c-11de-be96-00219723cbe1}\Shell - "" = AutoRun
O33 - MountPoints2\{cabbc036-216c-11de-be96-00219723cbe1}\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O33 - MountPoints2\{d30fba5f-5901-11de-b0aa-00219723cbe1}\Shell\AutoRun\command - "" = J:\iqe68o.bat -- File not found
O33 - MountPoints2\{d30fba5f-5901-11de-b0aa-00219723cbe1}\Shell\explore\Command - "" = J:\iqe68o.bat -- File not found
O33 - MountPoints2\{d30fba5f-5901-11de-b0aa-00219723cbe1}\Shell\open\Command - "" = J:\iqe68o.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/18 14:13:32 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Teresa Shaw\Desktop\OTL.exe
[2010/01/18 13:44:54 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Teresa Shaw\Desktop\winlogon.scr
[2010/01/18 11:24:19 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/18 00:43:21 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/01/18 00:43:21 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/01/18 00:43:21 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/01/16 11:20:17 | 00,000,000 | ---D | C] -- C:\EGIS_Drive
[2010/01/15 16:49:01 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/01/15 16:37:55 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Teresa Shaw\Desktop\mbam-setup.exe
[2010/01/15 00:07:24 | 00,000,000 | ---D | C] -- C:\Users\Teresa Shaw\AppData\Local\Mozilla
[2010/01/15 00:07:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/01/12 19:14:01 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/12 19:14:01 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/12/31 12:01:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\KeyHoleTV
[2009/12/24 13:23:33 | 00,000,000 | ---D | C] -- C:\Users\Teresa Shaw\Desktop\Games

========== Files - Modified Within 30 Days ==========

[2010/01/18 16:08:22 | 04,456,448 | -HS- | M] () -- C:\Users\Teresa Shaw\NTUSER.DAT
[2010/01/18 16:05:03 | 00,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1907031467-3353331994-1603910081-1000UA.job
[2010/01/18 15:56:18 | 00,789,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/18 15:56:18 | 00,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/18 15:56:18 | 00,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/18 15:51:43 | 00,037,141 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/01/18 15:50:35 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/18 15:50:35 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/18 15:50:34 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/18 15:50:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/18 15:50:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/18 15:49:37 | 00,524,288 | -HS- | M] () -- C:\Users\Teresa Shaw\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/01/18 15:49:37 | 00,065,536 | -HS- | M] () -- C:\Users\Teresa Shaw\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/01/18 15:49:36 | 03,571,824 | -H-- | M] () -- C:\Users\Teresa Shaw\AppData\Local\IconCache.db
[2010/01/18 14:32:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/18 14:13:32 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa Shaw\Desktop\OTL.exe
[2010/01/18 13:44:54 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Teresa Shaw\Desktop\winlogon.scr
[2010/01/18 11:25:15 | 00,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/18 11:01:26 | 00,227,328 | ---- | M] () -- C:\Users\Teresa Shaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 01:05:00 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1907031467-3353331994-1603910081-1000Core.job
[2010/01/16 10:00:22 | 00,391,680 | ---- | M] () -- C:\Windows\SysWow64\cbdgg1vseck6.exe
[2010/01/15 18:41:15 | 00,005,216 | ---- | M] () -- C:\Users\Teresa Shaw\AppData\Local\d3d9caps.dat
[2010/01/15 16:38:39 | 00,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/15 16:37:55 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Teresa Shaw\Desktop\mbam-setup.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/31 12:01:23 | 00,001,744 | ---- | M] () -- C:\Users\Teresa Shaw\Desktop\KeyHoleTV.lnk
[2009/12/31 12:01:06 | 00,740,516 | ---- | M] () -- C:\Users\Teresa Shaw\Desktop\SetupKHTV3.13.exe
[2009/12/27 14:01:46 | 00,001,368 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys

========== Files Created - No Company Name ==========

[2010/01/18 11:25:15 | 00,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/17 19:52:12 | 00,391,680 | ---- | C] () -- C:\Windows\SysWow64\cbdgg1vseck6.exe
[2010/01/16 11:27:53 | 00,226,688 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/01/15 16:38:39 | 00,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/15 16:38:33 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/12 19:14:01 | 00,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/01/12 19:14:01 | 00,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2009/12/31 12:01:23 | 00,001,744 | ---- | C] () -- C:\Users\Teresa Shaw\Desktop\KeyHoleTV.lnk
[2009/12/31 12:01:06 | 00,740,516 | ---- | C] () -- C:\Users\Teresa Shaw\Desktop\SetupKHTV3.13.exe
[2009/11/22 08:03:56 | 00,005,216 | ---- | C] () -- C:\Users\Teresa Shaw\AppData\Local\d3d9caps.dat
[2009/09/30 21:24:16 | 00,000,050 | ---- | C] () -- C:\Users\Teresa Shaw\AppData\Roaming\wklnhst.dat
[2009/08/25 20:29:47 | 00,001,368 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/02/22 01:14:20 | 00,000,028 | ---- | C] () -- C:\Windows\funshionplugin2.INI
[2009/02/17 00:21:56 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/31 00:41:06 | 00,227,328 | ---- | C] () -- C:\Users\Teresa Shaw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/30 23:03:13 | 00,000,099 | ---- | C] () -- C:\Users\Teresa Shaw\AppData\Local\fusioncache.dat
[2008/12/30 22:52:42 | 00,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/30 22:31:54 | 00,001,560 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/14 02:16:16 | 00,001,188 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini
[2008/09/19 11:02:16 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/09/19 11:02:16 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/09/19 11:00:22 | 00,000,069 | ---- | C] () -- C:\Windows\eAPLauncher.ini
[2008/04/17 22:53:19 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN4.dll
[2008/04/17 22:08:32 | 00,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys
[2008/04/17 20:17:59 | 00,000,792 | ---- | C] () -- C:\Windows\generic.ini
[2008/04/17 20:17:59 | 00,000,105 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/04/17 20:17:55 | 01,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2008/04/17 20:17:55 | 00,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2001/12/26 14:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 21:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 14:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 20:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
< End of report >


Re: Infected by "Security Center"

Post by tenshimitsuki on Tue Jan 19, 2010 12:29 am

Extras Txt.

OTL Extras logfile created on: 1/18/2010 4:06:27 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Teresa Shaw\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293.33 Gb Total Space | 22.13 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive D: | 293.08 Gb Total Space | 289.73 Gb Free Space | 98.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERESA
Current User Name: Teresa Shaw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Users\Teresa Shaw\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34B63CAE-3478-4057-BCE5-9F061B4B454F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{697CBC53-26E9-4946-88D7-6B651694F17F}" = rport=138 | protocol=17 | dir=out | app=system |
"{86DD6A2D-5984-4587-97F6-A867674E9F95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86EFF99F-0330-428C-A491-5D007F483AB8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8AF6EAEA-B68A-4B64-8F1C-0BD2CA6FF38C}" = rport=137 | protocol=17 | dir=out | app=system |
"{9162389A-2675-431C-814D-643233DA43CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{954A82A4-0237-438E-AA82-E87C70BC2FE3}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A471208-C0F5-4B2E-89BE-ED4D090FD491}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FA4A687-A0C8-4EEB-828B-9CF7F2FE2047}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD82B830-B9B0-4371-841D-30EA9A16E67C}" = lport=139 | protocol=6 | dir=in | app=system |
"{B7F83DDC-984D-42BE-B521-D0C1F67DFE00}" = lport=137 | protocol=17 | dir=in | app=system |
"{D87964E9-AA63-4451-9429-8EFA73035112}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B23C27B-FAA5-44B5-9156-DECDDAEB7B2E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0C5E8A61-CD5A-4FFF-8DE0-1C4565843F26}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{14027FBD-8E2C-4E28-93D2-239AE229BA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{15E79B2C-1C66-4CC2-871B-BE6E5BD0AF79}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\crashupload.exe |
"{19BE7133-6AD4-4E76-9DC5-64B95CE37F75}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1D52039E-456F-4AB6-8947-EA1E1C2E3F9D}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{1DB94DE4-9455-4E30-95F3-10316BAA2CB6}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{1E3EC3A1-610D-4081-8681-FC970F6AFAFB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1F9C2BD4-19C9-406D-BA7E-E2A8FA078C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{281B21CD-FB0F-4860-8B97-ABCD0208A610}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{28654C40-F7F1-47AA-8875-6237DD9D1AD3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{3C71DB20-2736-4CCB-B6D2-A3B5B332D0A5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{3CD396DE-7978-488E-B263-F26293513729}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{4715540B-3EA8-49BB-B7A2-D4C1D7F0BEB3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{495F995D-2988-42E0-BA18-0F8B9D166E0F}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\flvpick.exe |
"{4A02CC39-36E5-4EF0-8A6F-3D897EBC0F60}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{4B7D121B-5973-4F4E-BC17-F016A942247A}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\flvpick.exe |
"{4D1C949B-EC6E-4DF7-910C-A582FBAA3384}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F1F428B-EEA9-4401-81A9-4098B504459D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{583B15F2-C17F-48A0-B6C0-1883AC59D660}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B46420D-6E45-41AD-9252-74ACA14E366D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B5DD2EE-E1B7-4499-B66D-23C2E575BEE1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{5F6082EF-101E-47DC-82CB-12991DDEFA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\downloadprogress.exe |
"{62063474-8042-4E9D-A6D5-99DE7BC9106B}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppliveu.exe |
"{655E4CB3-6FA3-4982-9136-2DCB145F1DA6}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{6890ADE6-9F2C-489B-8420-9720521CA33D}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppliveu.exe |
"{7291B573-E448-445B-973E-BEB9BD7E7A8B}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\crashupload.exe |
"{74783050-F13C-40F9-AF4A-8CC061933EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\download.exe |
"{7F922AAB-9EBB-4654-9B88-700323ED4E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshion.exe |
"{819A4057-7E3F-4AAA-8A2A-46F908DE6CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{834074D2-E8E2-49DE-8713-574AF75F902D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{855A5F3B-2D08-4EB6-919A-35BA92DEA99E}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{87142BD8-0A97-43F7-BC2B-BC2983CB0120}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{8A02FDFA-2F1D-41FA-9E36-2F17C3E6E4C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8D178E6B-1BD7-404A-949A-E6460F38AB86}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"{8D75D3FA-EFDF-4FC3-B24E-DE72524F7D84}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{90D295B3-D3BC-4065-8074-CC4EBA5E12E1}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{987FBDEC-0E77-4BE4-9457-2AFED4E50C2A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{992CC0D8-BB3A-4A1B-8F41-3CF6E161A466}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{9948EB1A-1782-44B4-8FDC-F215DACDA010}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{9C41144B-67FD-4004-B67C-DD825F3DF625}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A0FF360C-D61E-4AC9-9491-30D5A80E4329}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\ppliveva.exe |
"{AA78A054-7A04-4711-B29A-CFD85034F004}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\ppliveva.exe |
"{AA7AB1FB-3438-4D44-9308-95BB55881380}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshion.exe |
"{B5BDA9DF-E81B-41B4-A053-ACDD099C2A8D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{B96567F9-EFD9-491E-8A09-CCB9AD4D671B}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshion.exe |
"{BD0298F3-5083-4A6E-9780-BA30FECB5657}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4022FB8-2192-48D4-9453-0E8A7082B0EA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA9CCE18-92DC-4A6B-B6D0-74DF256C6864}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CB3034ED-7902-4C26-8CAA-3034FF6886B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DABCB9B2-93A1-4261-B5A5-E6F30D6CC612}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DDC6D8FB-9D4D-41FA-BDD3-D080A4858010}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\pplap.exe |
"{DFA5726D-2FC1-4AEE-8439-7364BBA3D584}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |
"{E27CD840-F3CE-421C-B67D-D46D66511C1E}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\download.exe |
"{E339CD18-AC6C-46B1-9C5C-4B8CEDD61D04}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbir.exe |
"{E4D3E13F-60D4-405A-B689-02FE657EE2AB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"{EBC650E3-6483-462C-BDEF-00FE4523788A}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{ECC7EE7E-5BBF-48A4-89C6-FB31F9D48CA1}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\pplap.exe |
"{ECFD5309-C5DF-464D-8AF5-C3AFE9560290}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{ED0DC23B-3520-4EF5-9EF8-703F611FF8A1}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshion.exe |
"{F987A127-6868-4839-BC0B-B52763487EA6}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{FA984439-B98E-4E33-B5C0-31272C117EAF}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\downloadprogress.exe |
"TCP Query User{6A88443C-0929-4011-A710-3A802E080FEB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{7A1F9F74-C00F-4FA8-8D20-5952DE594401}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{7FB681E3-2C04-484D-B0FC-62D0B211A5EB}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"UDP Query User{29286F34-E4C3-4F2B-A335-A4F3964B5887}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"UDP Query User{3D3DE0FD-87A6-4A9F-ABBB-7C76EABACE86}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{C014D8ED-64A0-4280-BB9B-D2DE29FD4B1F}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"2EFF310ED3BF3BFB24E6CC25AEB5491813E56803" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSet" = Intel(R) PRO Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C2044E-9E98-4005-8E3C-E438A10501EC}" = MapleStory
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact Pro
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{642a22b1-7ab8-44b5-84b9-e58eecf8ece2}" = 2400_2500Help
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9441cb44-9729-4962-9ce1-c7752350fe52}" = 23_24_2500Tour
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98e3d87f-6946-468d-b34e-9f89ac8da70a}" = 2400
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{d40e4a88-ebc8-4d52-be3c-a4917a057ef0}" = Fax
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{f409f2fe-2567-446f-a220-e60cd7e016f4}" = 2400_2500trb
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitComet" = BitComet 1.09
"EADM" = EA Download Manager
"Free Hide Folder" = Free Hide Folder
"GOM Player" = GOM Player
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"ImTOO iPod Movie Converter" = ImTOO iPod Movie Converter
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact Pro
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"KeyHoleTV" = KeyHoleTV
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee SecurityCenter
"Orb" = Winamp Remote
"PPLive" = PPLive V2.3.5.0032
"RealPlayer 6.0" = RealPlayer
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"PPLiveVA" = PPLive Video Accelerator

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2010 1:50:57 AM | Computer Name = Teresa | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/18/2010 1:51:15 AM | Computer Name = Teresa | Source = Application Error | ID = 1000
Description = Faulting application cbdgg1vseck6.exe, version 2.4.51.12, time stamp
0x4b51fd6f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xe44aabac, process id 0x7d0, application start time
0x01ca98023d27bb12.

Error - 1/18/2010 1:51:36 AM | Computer Name = Teresa | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/18/2010 1:51:48 AM | Computer Name = Teresa | Source = WinMgmt | ID = 10
Description =

Error - 1/18/2010 2:52:44 AM | Computer Name = Teresa | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/18/2010 2:52:44 AM | Computer Name = Teresa | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/18/2010 2:53:05 AM | Computer Name = Teresa | Source = Application Error | ID = 1000
Description = Faulting application cbdgg1vseck6.exe, version 2.4.51.12, time stamp
0x4b51fd6f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xe44aabac, process id 0x450, application start time
0x01ca980ae193dbb2.

Error - 1/18/2010 2:53:05 AM | Computer Name = Teresa | Source = Application Error | ID = 1000
Description = Faulting application cbdgg1vseck6.exe, version 2.4.51.12, time stamp
0x4b51fd6f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xe44aabac, process id 0xb48, application start time
0x01ca980ae0b67bd2.

Error - 1/18/2010 2:53:05 AM | Computer Name = Teresa | Source = Application Error | ID = 1000
Description = Faulting application cbdgg1vseck6.exe, version 2.4.51.12, time stamp
0x4b51fd6f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xe44aabac, process id 0xb50, application start time
0x01ca980ae0c00152.

Error - 1/18/2010 2:53:08 AM | Computer Name = Teresa | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 1/18/2010 5:01:49 PM | Computer Name = Teresa | Source = BROWSER | ID = 8032
Description =

Error - 1/18/2010 5:13:45 PM | Computer Name = Teresa | Source = HTTP | ID = 15016
Description =

Error - 1/18/2010 5:14:44 PM | Computer Name = Teresa | Source = Service Control Manager | ID = 7026
Description =

Error - 1/18/2010 6:15:27 PM | Computer Name = Teresa | Source = HTTP | ID = 15016
Description =

Error - 1/18/2010 6:15:29 PM | Computer Name = Teresa | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2400 Series with
shared resource name HP psc 2400 Series. Error 2114. The printer cannot be used
by others on the network.

Error - 1/18/2010 6:16:31 PM | Computer Name = Teresa | Source = Service Control Manager | ID = 7026
Description =

Error - 1/18/2010 7:50:33 PM | Computer Name = Teresa | Source = HTTP | ID = 15016
Description =

Error - 1/18/2010 7:50:34 PM | Computer Name = Teresa | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2400 Series with
shared resource name HP psc 2400 Series. Error 2114. The printer cannot be used
by others on the network.

Error - 1/18/2010 7:52:18 PM | Computer Name = Teresa | Source = Service Control Manager | ID = 7026
Description =

Error - 1/18/2010 8:07:42 PM | Computer Name = Teresa | Source = BROWSER | ID = 8032
Description =


< End of report >

tenshimitsuki
Novice

Posts: 7
Joined: 2010-01-18
OS: Windows Vista
Points: 25233
Likes: 0


Re: Infected by "Security Center"

Post by Belahzur on Tue Jan 19, 2010 7:24 pm

Hello.

I see that you are running BitComet.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight BitComet 1.09
  • Click on the Uninstall/Change button at the top.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/01/16 10:00:22 | 00,391,680 | ---- | M] () -- C:\Windows\SysWOW64\cbdgg1vseck6.exe
    O4 - HKLM..\Run: [cbdgg1vseck6] C:\Windows\SysWOW64\cbdgg1vseck6.exe ()
    O4 - HKCU..\Run: [cbdgg1vseck6] C:\Users\Teresa Shaw\AppData\Roaming\cbdgg1vseck6.exe File not found
    [2010/01/17 19:52:12 | 00,391,680 | ---- | C] () -- C:\Windows\SysWow64\cbdgg1vseck6.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1


Re: Infected by "Security Center"

Post by tenshimitsuki on Wed Jan 20, 2010 2:04 am

Here's the result:

========== OTL ==========
No active process named cbdgg1vseck6.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cbdgg1vseck6 not found.
File C:\Windows\SysWOW64\cbdgg1vseck6.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cbdgg1vseck6 not found.
File C:\Windows\SysWow64\cbdgg1vseck6.exe not found.

OTL by OldTimer - Version 3.1.25.2 log created on 01192010_180224


I think it's almost gone now... I just have to clean it a few more times to be sure...


Re: Infected by "Security Center"

Post by Belahzur on Wed Jan 20, 2010 9:13 pm

Hello.
Did you run the OTL script more than once? How is the machine running now?



Re: Infected by "Security Center"

Post by tenshimitsuki on Thu Jan 21, 2010 1:08 am

Actually the virus is gone now ^^.

Ummm, I did run it more than once, but the first result was the same (if I remember correctly). The machine is running perfectly now.

Thanks so much for your help!

[Solved]
