[Closed] Security Center installed on laptop - needs cleaning

By FlyerPhil
Nov 3, 2010
Topic Status:
Not open for further replies.
  1. Hi,

    As the title suggests, Security Center has managed to get onto a laptop and now pops up a multitude of false virus alerts every time I try to run anything.

    I've run steps 1 to 8, however step 5 (DDS) runs but then hangs the laptop after running for a few minutes (using Admin user and in safe mode) so there's no log for that.

    I've also not updated Windows yet as windows update doesn't appear to work (msiexec runs constantly with 80%+ CPU usage).

    I've also tried to install either of the AV programs listed. Avast installs but the service does not stat and the utility does not load. Avira will not install as it complains that Windows Updates are running.

    The logs are really large so I'm splitting them across multiple posts!

    Cheers

    Phil

    MBAM log
    ========
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5025

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    11/2/2010 10:24:44 PM
    mbam-log-2010-11-02 (22-24-44).txt

    Scan type: Quick scan
    Objects scanned: 288606
    Time elapsed: 10 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 288
    Registry Values Infected: 11
    Registry Data Items Infected: 4
    Folders Infected: 96
    Files Infected: 605

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{148e1447-c728-48fd-beec-a7d06c5fff58} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ee46f55-1ce1-4db9-811a-68938ec7f3dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a87dfd99-cf81-4241-85ce-881e0026b686} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c96b9fae-a032-4100-bb47-32ef05e28be4} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9c42a57-421c-4572-8b12-249c59183d1c} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{0729f461-8054-47dc-8d39-a31b61cc0119} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{40ca90f3-4098-4877-ae87-23eb612b18c7} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4c3b62af-ca25-4fba-8405-32e44f83bb6f} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5a635a91-c303-45c9-8db9-f759d98a3b9d} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7e335d04-2e6e-4d0e-a921-c3d9192e7121} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b20d7add-989c-4bc0-a797-f6fe7998efd7} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bfc20a15-b0ac-44cc-a25a-a7039014ba9f} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f019aec4-4c95-46de-a107-e302473e3b9a} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{a57470de-14c7-4fcd-9d4c-e5711f24f0ed} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2557dd3f-23a0-477c-bcd8-90fd0aecc4b8} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2893116c-a176-42b1-8794-da8c9fc45564} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{99fdca0c-7380-4e9c-8d99-5dc4750334ef} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b1d9f4b1-b9ff-463f-bf15-ab9cb26160f7} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{71f731b3-008b-4052-9ea4-4145acce40c3} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8292078f-f6e9-412b-8eb1-360c05c5ece5} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2447e305-5e90-42a8-bd1e-0bc333b807e1} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{50d2fdcc-2707-49cb-8223-7fe0424909aa} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{878ce013-7ba9-4650-a78c-b2234c0c1648} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a5b6fa30-d317-41ca-9cb1-c898d3c7f34e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cc19a5f2-b4ad-41d5-a5c9-0680904c1483} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{76d54105-99eb-4ecb-95b2-a944f50cc566} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3e67daa-da01-4da5-98be-3088b554a11e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarweather.weathercontroller.1 (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.hbax (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f244a744-534d-4a46-855f-c0c7e9f27daa} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{030c9927-10fc-4169-97a2-55becd5d88d8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258c9770-1713-4021-8d7e-1f184a2bd754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e2dfd6a-4e20-4d4c-aa8b-e1f9dbef3c80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{714e0876-fcee-49ce-a429-b9ad8aefcb56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dd15bcc0-5fe9-4690-a957-99fa60ed9d26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.hbax.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.iebutton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.iebutton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.iebuttona (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.iebuttona.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c62a9e79-2b52-439b-af57-2e60bb06e86c} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{15fd8424-d12a-4c51-8c6c-d5d57b80f781} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{67b3becf-7b6f-42b2-99f0-f7656f89cffa} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{715ffd42-4e05-4eab-9513-c8daa5395ae2} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{759d6f7c-8d30-45b6-abea-fa51c190eed5} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9a4a64a4-a2fb-48fa-9bba-1ac50267695d} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{62906e60-bce2-4e1b-9ed0-8b9042ee15e4} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f9bfa98d-9935-4ea4-a05a-72c7f0778f02} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0eb3f101-224a-4b2b-9e5b-df720857529c} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a1f1ecd3-4806-44c6-a869-f0dadf11c57c} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a7213d71-47e1-4832-92d7-d61dfe9f231f} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf82f350-e1c4-4916-ac12-ba73db60afb7} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d1063603-f045-475f-afbc-8cba7d5797fb} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{70880ce6-308c-4204-a89e-b266c3f7b7fa} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cdc73256-a88d-4642-844e-a8f20b76789c} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{b035ba6b-57cd-4f72-b545-65be465fcaf6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d44fd6f0-9746-484e-b5c4-c66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bardiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BARDISCOVER_SERVICE (Adware.BarDiscover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BarDiscover Service (Adware.BarDiscover) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\base frag grid bows (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hotbar@hotbar.com (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kbdsr71.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\ladklq.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\FunWebProducts\Data\Brea & Kyesha's (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\FunWebProducts\Data\Mandy (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\FunWebProducts\Data\Sereise (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\Hotbar\v3.5\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
  2. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\res2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport2\Bin\2.7.12 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

    Files Infected:
    C:\WINDOWS\kbdsr71.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Local Settings\Application Data\ysmfqce_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Local Settings\Application Data\ysmfqce_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Local Settings\Application Data\ysmfqce.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Local Settings\Application Data\ysmfqce.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\CntntCntr.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\CoreSrv.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\HostIE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\Toolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\Srv.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\Weather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\sdra64.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kyesha.ACER-FCAFBFA90D\Application Data\sdra64.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Local Settings\Application Data\86267438.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BarDiscover\bardiscover149.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\FunWebProducts\Data\Brea & Kyesha's\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\FunWebProducts\Data\Mandy\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\FunWebProducts\Data\Sereise\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\FunWebProducts\Data\Sereise\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_511745-514279.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\cursors.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\editblbuttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-548964.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesMenu.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesmenu.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\hb_ie_menu.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_games_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_video.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\more.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\new_games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\sdfmodifier.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\1\weathericon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\email-t1-bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\default.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\icons2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\top7.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hb_ie_menu.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ads.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar-premium.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\gamesmenu.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_511745-514279.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\cursors.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\editblbuttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-548964.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesMenu.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesmenu.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\hb_ie_menu.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_games_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_video.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\more.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\new_games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\sdfmodifier.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\static\2\weathericon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\domains.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\2581240.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\603173.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1070519.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\502198.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1262929.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\600583.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\929952.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1383653.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\3696057.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1048757.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
  3. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\3782412.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\2904133.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\570799.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1056677.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1059014.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\2884290.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\581008.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1387544.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\2709309.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\1840276.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\3893561.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\3404705.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\478844.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\3859864.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\3340762.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat\3a13.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753520 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\28784 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\455745 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753529 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\254728 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\61367 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\97734 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\233324 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\472429 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\486603 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\486725 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\459395 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\5812 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\64482 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\459338 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\748733 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\233027 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753602 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\44323 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\29115 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\44228 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\79805 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\663463 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\28812 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\161386 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753595 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\33200 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\75746 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\83706 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\31260 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\751240 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\69325 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\751241 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\28383 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\31262 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\27505 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\26664 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\32883 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\58911 (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_511745-514279.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\cursors.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\editblbuttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-548964.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesMenu.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesmenu.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\hb_ie_menu.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_games_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_video.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\more.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\new_games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\sdfmodifier.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\1\weathericon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\email-t1-bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\default.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\icons2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\top7.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hb_ie_menu.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ads.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar-premium.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\gamesmenu.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_511745-514279.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\cursors.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\editblbuttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-548964.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesMenu.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesmenu.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\hb_ie_menu.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_games_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_video.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\more.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\new_games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\sdfmodifier.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\static\2\weathericon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic\3404705.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic\domains.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic\1.sdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat\39e6.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
  4. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    C:\Documents and Settings\Sereise\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat\3a36.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf_update.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brea & Kyesha's\Application Data\ShoppingReport2\cs\res1\WhiteList.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mandy\Application Data\ShoppingReport2\cs\res2\WhiteList.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sereise\Application Data\ShoppingReport2\cs\res1\WhiteList.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\Program Files\BarDiscover\bardiscover.dll (Adware.BarDiscover) -> Quarantined and deleted successfully.
    C:\Program Files\BarDiscover\bardiscover.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
    C:\Program Files\BarDiscover\uninstall.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00043341.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00856644.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00A3D086.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0016BE53.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\000C7AE2.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\0015E902.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\HotbarUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSADF.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\Cast ping base frag\16 support.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  5. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    GMER Log
    =========
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-03 16:28:16
    Windows 5.1.2600 Service Pack 2
    Running: mysf6dcl.exe; Driver: C:\DOCUME~1\Mandy\LOCALS~1\Temp\fwryypow.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Bonjour\mDNSResponder.exe[264] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00132F90
    .text C:\Program Files\Bonjour\mDNSResponder.exe[264] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001330EE
    .text C:\Program Files\Bonjour\mDNSResponder.exe[264] WS2_32.dll!send 71AB428A 5 Bytes JMP 0013C178
    .text C:\Program Files\Bonjour\mDNSResponder.exe[264] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0013C195
    .text C:\Program Files\Bonjour\mDNSResponder.exe[264] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0013C144
    .text C:\Program Files\Bonjour\mDNSResponder.exe[264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013DEDD
    .text C:\Program Files\Bonjour\mDNSResponder.exe[264] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0013E012
    .text C:\WINDOWS\system32\igfxpers.exe[284] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0112B8B5
    .text C:\WINDOWS\system32\igfxpers.exe[284] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\WINDOWS\system32\igfxpers.exe[284] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0112BA9B
    .text C:\WINDOWS\system32\igfxpers.exe[284] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0112BB3D
    .text C:\WINDOWS\system32\igfxpers.exe[284] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01131E92
    .text C:\WINDOWS\system32\igfxpers.exe[284] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01131FF9
    .text C:\WINDOWS\system32\igfxpers.exe[284] WS2_32.dll!send 71AB428A 5 Bytes JMP 011232E5
    .text C:\WINDOWS\system32\igfxpers.exe[284] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01123306
    .text C:\WINDOWS\system32\igfxpers.exe[284] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 011232AD
    .text C:\WINDOWS\system32\igfxpers.exe[284] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 011266C1
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0112982F
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0112977A
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01129557
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01129803
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01129737
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011295AB
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 011297B9
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0112969B
    .text C:\WINDOWS\system32\igfxpers.exe[284] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 011295FF
    .text C:\WINDOWS\system32\hkcmd.exe[304] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 011BB8B5
    .text C:\WINDOWS\system32\hkcmd.exe[304] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\WINDOWS\system32\hkcmd.exe[304] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 011BBA9B
    .text C:\WINDOWS\system32\hkcmd.exe[304] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 011BBB3D
    .text C:\WINDOWS\system32\hkcmd.exe[304] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 011C1E92
    .text C:\WINDOWS\system32\hkcmd.exe[304] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 011C1FF9
    .text C:\WINDOWS\system32\hkcmd.exe[304] WS2_32.dll!send 71AB428A 5 Bytes JMP 011B32E5
    .text C:\WINDOWS\system32\hkcmd.exe[304] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 011B3306
    .text C:\WINDOWS\system32\hkcmd.exe[304] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 011B32AD
    .text C:\WINDOWS\system32\hkcmd.exe[304] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 011B66C1
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 011B982F
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 011B977A
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011B9557
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 011B9803
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 011B9737
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011B95AB
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 011B97B9
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 011B969B
    .text C:\WINDOWS\system32\hkcmd.exe[304] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 011B95FF
    .text C:\WINDOWS\system32\rundll32.exe[368] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D8B8B5
    .text C:\WINDOWS\system32\rundll32.exe[368] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\system32\rundll32.exe[368] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D8BA9B
    .text C:\WINDOWS\system32\rundll32.exe[368] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 00D8BB3D
    .text C:\WINDOWS\system32\rundll32.exe[368] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D91E92
    .text C:\WINDOWS\system32\rundll32.exe[368] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00D91FF9
    .text C:\WINDOWS\system32\rundll32.exe[368] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D832E5
    .text C:\WINDOWS\system32\rundll32.exe[368] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D83306
    .text C:\WINDOWS\system32\rundll32.exe[368] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D832AD
    .text C:\WINDOWS\system32\rundll32.exe[368] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00D866C1
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00D8982F
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00D8977A
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D89557
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00D89803
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00D89737
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D895AB
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00D897B9
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00D8969B
    .text C:\WINDOWS\system32\rundll32.exe[368] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00D895FF
    .text C:\WINDOWS\ehome\ehtray.exe[384] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0144B8B5
    .text C:\WINDOWS\ehome\ehtray.exe[384] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\ehome\ehtray.exe[384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0144BA9B
    .text C:\WINDOWS\ehome\ehtray.exe[384] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0144BB3D
    .text C:\WINDOWS\ehome\ehtray.exe[384] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01451E92
    .text C:\WINDOWS\ehome\ehtray.exe[384] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01451FF9
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0144982F
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0144977A
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01449557
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01449803
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01449737
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 014495AB
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 014497B9
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0144969B
    .text C:\WINDOWS\ehome\ehtray.exe[384] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 014495FF
    .text C:\WINDOWS\ehome\ehtray.exe[384] WS2_32.dll!send 71AB428A 5 Bytes JMP 014432E5
    .text C:\WINDOWS\ehome\ehtray.exe[384] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01443306
    .text C:\WINDOWS\ehome\ehtray.exe[384] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 014432AD
    .text C:\WINDOWS\ehome\ehtray.exe[384] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 014466C1
    .text C:\WINDOWS\RTHDCPL.EXE[448] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 027DB8B5
    .text C:\WINDOWS\RTHDCPL.EXE[448] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\WINDOWS\RTHDCPL.EXE[448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 027DBA9B
    .text C:\WINDOWS\RTHDCPL.EXE[448] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 027DBB3D
    .text C:\WINDOWS\RTHDCPL.EXE[448] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 027E1E92
    .text C:\WINDOWS\RTHDCPL.EXE[448] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 027E1FF9
    .text C:\WINDOWS\RTHDCPL.EXE[448] WS2_32.dll!send 71AB428A 5 Bytes JMP 027D32E5
    .text C:\WINDOWS\RTHDCPL.EXE[448] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 027D3306
    .text C:\WINDOWS\RTHDCPL.EXE[448] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 027D32AD
    .text C:\WINDOWS\RTHDCPL.EXE[448] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 027D66C1
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 027D982F
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 027D977A
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 027D9557
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 027D9803
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 027D9737
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 027D95AB
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 027D97B9
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 027D969B
    .text C:\WINDOWS\RTHDCPL.EXE[448] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 027D95FF
    .text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00082F90
    .text C:\WINDOWS\system32\svchost.exe[512] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\system32\svchost.exe[512] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0008DEDD
    .text C:\WINDOWS\system32\svchost.exe[512] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0008E012
    .text C:\WINDOWS\system32\svchost.exe[512] WS2_32.dll!send 71AB428A 5 Bytes JMP 0008C178
    .text C:\WINDOWS\system32\svchost.exe[512] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0008C195
    .text C:\WINDOWS\system32\svchost.exe[512] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0008C144
    .text C:\WINDOWS\system32\svchost.exe[512] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00082AE0
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000904AD
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00090406
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0009037A
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0009044B
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0009046E
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0009039C
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00090428
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000903E2
    .text C:\WINDOWS\system32\svchost.exe[512] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000903BE
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 015BB8B5
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 015BBA9B
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 015BBB3D
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 015C1E92
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 015C1FF9
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WS2_32.dll!send 71AB428A 5 Bytes JMP 015B32E5
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 015B3306
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 015B32AD
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 015B66C1
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 015B982F
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 015B977A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 015B9557
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 015B9803
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 015B9737
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 015B95AB
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 015B97B9
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 015B969B
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[528] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 015B95FF
    .text C:\Acer\Empowering Technology\admtray.exe[580] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0171B8B5
    .text C:\Acer\Empowering Technology\admtray.exe[580] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\Acer\Empowering Technology\admtray.exe[580] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0171BA9B
    .text C:\Acer\Empowering Technology\admtray.exe[580] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0171BB3D
    .text C:\Acer\Empowering Technology\admtray.exe[580] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01721E92
    .text C:\Acer\Empowering Technology\admtray.exe[580] user32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01721FF9
    .text C:\Acer\Empowering Technology\admtray.exe[580] WS2_32.dll!send 71AB428A 5 Bytes JMP 017132E5
    .text C:\Acer\Empowering Technology\admtray.exe[580] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01713306
    .text C:\Acer\Empowering Technology\admtray.exe[580] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 017132AD
    .text C:\Acer\Empowering Technology\admtray.exe[580] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 017166C1
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0171982F
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0171977A
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01719557
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01719803
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01719737
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 017195AB
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 017197B9
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0171969B
    .text C:\Acer\Empowering Technology\admtray.exe[580] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 017195FF
    .text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00982F90
    .text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009830EE
    .text C:\WINDOWS\system32\services.exe[716] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0098DEDD
    .text C:\WINDOWS\system32\services.exe[716] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0098E012
    .text C:\WINDOWS\system32\services.exe[716] WS2_32.dll!send 71AB428A 5 Bytes JMP 0098C178
    .text C:\WINDOWS\system32\services.exe[716] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0098C195
    .text C:\WINDOWS\system32\services.exe[716] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0098C144
    .text C:\WINDOWS\system32\services.exe[716] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00982AE0
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 009904AD
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00990406
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0099037A
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0099044B
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0099046E
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0099039C
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00990428
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 009903E2
    .text C:\WINDOWS\system32\services.exe[716] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 009903BE
    .text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D72F90
    .text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D730EE
    .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D7DEDD
    .text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00D7E012
    .text C:\WINDOWS\system32\lsass.exe[728] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D7C178
    .text C:\WINDOWS\system32\lsass.exe[728] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D7C195
    .text C:\WINDOWS\system32\lsass.exe[728] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D7C144
    .text C:\WINDOWS\system32\lsass.exe[728] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00D72AE0
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00D804AD
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00D80406
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D8037A
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00D8044B
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00D8046E
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D8039C
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00D80428
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00D803E2
    .text C:\WINDOWS\system32\lsass.exe[728] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00D803BE
    .text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00C92F90
    .text C:\WINDOWS\system32\wuauclt.exe[924] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00082F90
    .text C:\WINDOWS\system32\wuauclt.exe[924] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\system32\wuauclt.exe[924] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0008DEDD
    .text C:\WINDOWS\system32\wuauclt.exe[924] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0008E012
    .text C:\WINDOWS\system32\wuauclt.exe[924] WS2_32.dll!send 71AB428A 5 Bytes JMP 0008C178
    .text C:\WINDOWS\system32\wuauclt.exe[924] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0008C195
    .text C:\WINDOWS\system32\wuauclt.exe[924] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0008C144
    .text C:\WINDOWS\system32\wuauclt.exe[924] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00082AE0
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000904AD
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00090406
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0009037A
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0009044B
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0009046E
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0009039C
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00090428
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000903E2
    .text C:\WINDOWS\system32\wuauclt.exe[924] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000903BE
    .text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00982F90
    .text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009830EE
    .text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0098DEDD
    .text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0098E012
    .text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!send 71AB428A 5 Bytes JMP 0098C178
    .text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0098C195
    .text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0098C144
    .text C:\WINDOWS\system32\svchost.exe[936] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00982AE0
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 009904AD
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00990406
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0099037A
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0099044B
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0099046E
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0099039C
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00990428
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 009903E2
    .text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 009903BE
    .text C:\WINDOWS\System32\svchost.exe[972] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00FB2F90
    .text C:\WINDOWS\System32\svchost.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00FB30EE
    .text C:\WINDOWS\System32\svchost.exe[972] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00FBDEDD
    .text C:\WINDOWS\System32\svchost.exe[972] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00FBE012
    .text C:\WINDOWS\System32\svchost.exe[972] WS2_32.dll!send 71AB428A 5 Bytes JMP 00FBC178
    .text C:\WINDOWS\System32\svchost.exe[972] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00FBC195
    .text C:\WINDOWS\System32\svchost.exe[972] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00FBC144
    .text C:\WINDOWS\System32\svchost.exe[972] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00FB2AE0
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00FC04AD
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00FC0406
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00FC037A
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00FC044B
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00FC046E
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00FC039C
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00FC0428
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00FC03E2
    .text C:\WINDOWS\System32\svchost.exe[972] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00FC03BE
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00072F90
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007DEDD
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0007E012
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WS2_32.dll!send 71AB428A 5 Bytes JMP 0007C178
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0007C195
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0007C144
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00072AE0
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000804AD
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00080406
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0008037A
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0008044B
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0008046E
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0008039C
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00080428
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000803E2
    .text C:\WINDOWS\eHome\ehRecvr.exe[1004] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000803BE
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00722F90
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007230EE
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0072DEDD
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0072E012
  6. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    .text C:\WINDOWS\system32\svchost.exe[1012] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00722AE0
    .text C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!send 71AB428A 5 Bytes JMP 0072C178
    .text C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0072C195
    .text C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0072C144
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 007304AD
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00730406
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0073037A
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0073044B
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0073046E
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0073039C
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00730428
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 007303E2
    .text C:\WINDOWS\system32\svchost.exe[1012] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 007303BE
    .text C:\Program Files\QuickTime\QTTask.exe[1020] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E7B8B5
    .text C:\Program Files\QuickTime\QTTask.exe[1020] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\Program Files\QuickTime\QTTask.exe[1020] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E7BA9B
    .text C:\Program Files\QuickTime\QTTask.exe[1020] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 00E7BB3D
    .text C:\Program Files\QuickTime\QTTask.exe[1020] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00E81E92
    .text C:\Program Files\QuickTime\QTTask.exe[1020] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00E81FF9
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E732E5
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00E73306
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00E732AD
    .text C:\Program Files\QuickTime\QTTask.exe[1020] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00E766C1
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00E7982F
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00E7977A
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00E79557
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00E79803
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00E79737
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00E795AB
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00E797B9
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00E7969B
    .text C:\Program Files\QuickTime\QTTask.exe[1020] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00E795FF
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 016CB8B5
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 016CBA9B
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 016CBB3D
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 016D1E92
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 016D1FF9
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WS2_32.dll!send 71AB428A 5 Bytes JMP 016C32E5
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 016C3306
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 016C32AD
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 016C66C1
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 016C982F
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 016C977A
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 016C9557
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 016C9803
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 016C9737
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 016C95AB
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 016C97B9
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 016C969B
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1076] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 016C95FF
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00DBB8B5
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DBBA9B
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 00DBBB3D
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00DC1E92
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00DC1FF9
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00DB982F
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00DB977A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00DB9557
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00DB9803
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00DB9737
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00DB95AB
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00DB97B9
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00DB969B
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00DB95FF
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00DB66C1
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DB32E5
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DB3306
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1100] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DB32AD
    .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00722F90
    .text C:\WINDOWS\system32\svchost.exe[1152] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007230EE
    .text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0072DEDD
    .text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0072E012
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!send 71AB428A 5 Bytes JMP 0072C178
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0072C195
    .text C:\WINDOWS\system32\svchost.exe[1152] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0072C144
    .text C:\WINDOWS\system32\svchost.exe[1152] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00722AE0
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 007304AD
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00730406
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0073037A
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0073044B
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0073046E
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0073039C
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00730428
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 007303E2
    .text C:\WINDOWS\system32\svchost.exe[1152] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 007303BE
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0154B8B5
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0154BA9B
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0154BB3D
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01551E92
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01551FF9
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WS2_32.dll!send 71AB428A 5 Bytes JMP 015432E5
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01543306
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 015432AD
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 015466C1
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0154982F
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0154977A
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01549557
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01549803
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01549737
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 015495AB
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 015497B9
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0154969B
    .text C:\PROGRA~1\LAUNCH~1\LManager.exe[1184] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 015495FF
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0127B8B5
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0127BA9B
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0127BB3D
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01281E92
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01281FF9
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WS2_32.dll!send 71AB428A 5 Bytes JMP 012732E5
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01273306
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 012732AD
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 012766C1
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0127982F
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0127977A
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01279557
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01279803
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01279737
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 012795AB
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 012797B9
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0127969B
    .text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[1200] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 012795FF
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 007D2F90
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007D30EE
    .text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 007DDEDD
    .text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 007DE012
    .text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!send 71AB428A 5 Bytes JMP 007DC178
    .text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 007DC195
    .text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 007DC144
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 007E04AD
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 007E0406
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 007E037A
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 007E044B
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 007E046E
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007E039C
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 007E0428
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 007E03E2
    .text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 007E03BE
    .text C:\WINDOWS\system32\svchost.exe[1216] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 007D2AE0
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D4B8B5
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D4BA9B
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 00D4BB3D
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D51E92
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00D51FF9
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00D466C1
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D432E5
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D43306
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D432AD
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00D4982F
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00D4977A
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D49557
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00D49803
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00D49737
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D495AB
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00D497B9
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00D4969B
    .text C:\Program Files\Windows Live\Family Safety\fsui.exe[1316] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00D495FF
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 01B3B8B5
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01B3BA9B
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 01B3BB3D
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01B41E92
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01B41FF9
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WS2_32.dll!send 71AB428A 5 Bytes JMP 01B332E5
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01B33306
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01B332AD
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 01B366C1
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 01B3982F
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 01B3977A
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01B39557
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01B39803
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01B39737
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01B395AB
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 01B397B9
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 01B3969B
    .text C:\Program Files\TalkTalk\bin\sprtcmd.exe[1332] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 01B395FF
    .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A22F90
    .text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A230EE
    .text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00A2DEDD
    .text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00A2E012
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A2C178
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00A2C195
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00A2C144
    .text C:\WINDOWS\system32\spoolsv.exe[1388] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00A22AE0
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00A304AD
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00A30406
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A3037A
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00A3044B
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00A3046E
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A3039C
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00A30428
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00A303E2
    .text C:\WINDOWS\system32\spoolsv.exe[1388] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00A303BE
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00622F90
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 006230EE
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WS2_32.dll!send 71AB428A 5 Bytes JMP 0062C178
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0062C195
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0062C144
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0062DEDD
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0062E012
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00622AE0
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 006304AD
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00630406
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0063037A
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0063044B
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0063046E
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0063039C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00630428
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 006303E2
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1528] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 006303BE
  7. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    .text C:\WINDOWS\system32\ctfmon.exe[1560] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00C5B8B5
    .text C:\WINDOWS\system32\ctfmon.exe[1560] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\system32\ctfmon.exe[1560] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00C5BA9B
    .text C:\WINDOWS\system32\ctfmon.exe[1560] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 00C5BB3D
    .text C:\WINDOWS\system32\ctfmon.exe[1560] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00C61E92
    .text C:\WINDOWS\system32\ctfmon.exe[1560] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00C61FF9
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C532E5
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C53306
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C532AD
    .text C:\WINDOWS\system32\ctfmon.exe[1560] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00C566C1
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00C5982F
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00C5977A
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00C59557
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00C59803
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00C59737
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00C595AB
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00C597B9
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00C5969B
    .text C:\WINDOWS\system32\ctfmon.exe[1560] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00C595FF
    .text C:\WINDOWS\eHome\ehSched.exe[1632] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00072F90
    .text C:\WINDOWS\eHome\ehSched.exe[1632] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\WINDOWS\eHome\ehSched.exe[1632] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007DEDD
    .text C:\WINDOWS\eHome\ehSched.exe[1632] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0007E012
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WS2_32.dll!send 71AB428A 5 Bytes JMP 0007C178
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0007C195
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0007C144
    .text C:\WINDOWS\eHome\ehSched.exe[1632] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00072AE0
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000804AD
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00080406
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0008037A
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0008044B
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0008046E
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0008039C
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00080428
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000803E2
    .text C:\WINDOWS\eHome\ehSched.exe[1632] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000803BE
    .text C:\WINDOWS\Explorer.exe[1728] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 02D7B8B5
    .text C:\WINDOWS\Explorer.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 012030EE
    .text C:\WINDOWS\Explorer.exe[1728] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 02D7BA9B
    .text C:\WINDOWS\Explorer.exe[1728] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 02D7BB3D
    .text C:\WINDOWS\Explorer.exe[1728] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 02D81E92
    .text C:\WINDOWS\Explorer.exe[1728] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 02D81FF9
    .text C:\WINDOWS\Explorer.exe[1728] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 02D766C1
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 02D7982F
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 02D7977A
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02D79557
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 02D79803
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 02D79737
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 02D795AB
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 02D797B9
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 02D7969B
    .text C:\WINDOWS\Explorer.exe[1728] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 02D795FF
    .text C:\WINDOWS\Explorer.exe[1728] WS2_32.dll!send 71AB428A 5 Bytes JMP 02D732E5
    .text C:\WINDOWS\Explorer.exe[1728] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 02D73306
    .text C:\WINDOWS\Explorer.exe[1728] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 02D732AD
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00BCB8B5
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00BCBA9B
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 00BCBB3D
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00BD1E92
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00BD1FF9
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BC32E5
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BC3306
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BC32AD
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00BC66C1
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00BC982F
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00BC977A
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00BC9557
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00BC9803
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00BC9737
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00BC95AB
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00BC97B9
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00BC969B
    .text C:\WINDOWS\eHome\ehmsas.exe[1736] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00BC95FF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0121B8B5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0121BA9B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0121BB3D
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01221E92
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01221FF9
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0121982F
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0121977A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01219557
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01219803
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01219737
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!HttpSendRequestA 6302E822 5 Bytes JMP 012195AB
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!InternetReadFileExA 630337B6 5 Bytes JMP 012197B9
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0121969B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] Wininet.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 012195FF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] WS2_32.dll!send 71AB428A 5 Bytes JMP 012132E5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01213306
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 012132AD
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1852] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 012166C1
    .text C:\Acer\Empowering Technology\admServ.exe[1856] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 01732F90
    .text C:\Acer\Empowering Technology\admServ.exe[1856] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 017330EE
    .text C:\Acer\Empowering Technology\admServ.exe[1856] user32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0173DEDD
    .text C:\Acer\Empowering Technology\admServ.exe[1856] user32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0173E012
    .text C:\Acer\Empowering Technology\admServ.exe[1856] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 01732AE0
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 017404AD
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 01740406
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0174037A
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0174044B
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0174046E
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0174039C
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 01740428
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 017403E2
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 017403BE
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WS2_32.dll!send 71AB428A 5 Bytes JMP 0173C178
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0173C195
    .text C:\Acer\Empowering Technology\admServ.exe[1856] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0173C144
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00072F90
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0101F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007DEDD
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0007E012
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WS2_32.dll!send 71AB428A 5 Bytes JMP 0007C178
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0007C195
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0007C144
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000804AD
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00080406
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0008037A
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0008044B
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0008046E
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0008039C
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00080428
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000803E2
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000803BE
    .text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1924] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00072AE0
    .text C:\WINDOWS\eHome\ehRec.exe[1944] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00072F90
    .text C:\WINDOWS\eHome\ehRec.exe[1944] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\WINDOWS\eHome\ehRec.exe[1944] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007DEDD
    .text C:\WINDOWS\eHome\ehRec.exe[1944] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0007E012
    .text C:\WINDOWS\eHome\ehRec.exe[1944] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00072AE0
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WS2_32.dll!send 71AB428A 5 Bytes JMP 0007C178
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0007C195
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0007C144
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000804AD
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00080406
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0008037A
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0008044B
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0008046E
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0008039C
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00080428
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000803E2
    .text C:\WINDOWS\eHome\ehRec.exe[1944] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000803BE
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00132F90
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001330EE
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WS2_32.dll!send 71AB428A 5 Bytes JMP 0013C178
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0013C195
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0013C144
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013DEDD
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0013E012
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00132AE0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 001404AD
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00140406
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0014037A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0014044B
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0014046E
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0014039C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00140428
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 001403E2
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2136] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 001403BE
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00132F90
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001330EE
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013DEDD
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0013E012
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WS2_32.dll!send 71AB428A 5 Bytes JMP 0013C178
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0013C195
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0013C144
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00132AE0
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 001404AD
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00140406
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0014037A
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0014044B
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0014046E
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0014039C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00140428
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 001403E2
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2224] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 001403BE
    .text C:\WINDOWS\eHome\ehRec.exe[2228] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00072F90
    .text C:\WINDOWS\eHome\ehRec.exe[2228] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\WINDOWS\eHome\ehRec.exe[2228] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007DEDD
    .text C:\WINDOWS\eHome\ehRec.exe[2228] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0007E012
    .text C:\WINDOWS\eHome\ehRec.exe[2228] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00072AE0
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WS2_32.dll!send 71AB428A 5 Bytes JMP 0007C178
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0007C195
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0007C144
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000804AD
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00080406
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0008037A
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0008044B
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0008046E
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0008039C
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00080428
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000803E2
    .text C:\WINDOWS\eHome\ehRec.exe[2228] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000803BE
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00162F90
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001630EE
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0016DEDD
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0016E012
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WS2_32.dll!send 71AB428A 5 Bytes JMP 0016C178
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0016C195
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0016C144
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00162AE0
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 001704AD
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00170406
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0017037A
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0017044B
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0017046E
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0017039C
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00170428
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 001703E2
    .text C:\Documents and Settings\Mandy\Desktop\mysf6dcl.exe[2432] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 001703BE
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00072F90
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007DEDD
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0007E012
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000804AD
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00080406
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0008037A
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0008044B
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0008046E
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0008039C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00080428
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000803E2
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000803BE
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00072AE0
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WS2_32.dll!send 71AB428A 5 Bytes JMP 0007C178
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0007C195
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2484] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0007C144
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00162F90
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001630EE
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0016DEDD
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0016E012
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WS2_32.dll!send 71AB428A 5 Bytes JMP 0016C178
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0016C195
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0016C144
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00162AE0
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 001704AD
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00170406
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0017037A
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0017044B
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0017046E
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0017039C
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00170428
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 001703E2
    .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2496] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 001703BE
  8. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00132F90
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001330EE
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013DEDD
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0013E012
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WS2_32.dll!send 71AB428A 5 Bytes JMP 0013C178
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0013C195
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0013C144
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00132AE0
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 001404AD
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00140406
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0014037A
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0014044B
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0014046E
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0014039C
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00140428
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 001403E2
    .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2552] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 001403BE
    .text C:\WINDOWS\system32\svchost.exe[2656] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00082F90
    .text C:\WINDOWS\system32\svchost.exe[2656] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\system32\svchost.exe[2656] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0008DEDD
    .text C:\WINDOWS\system32\svchost.exe[2656] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0008E012
    .text C:\WINDOWS\system32\svchost.exe[2656] WS2_32.dll!send 71AB428A 5 Bytes JMP 0008C178
    .text C:\WINDOWS\system32\svchost.exe[2656] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0008C195
    .text C:\WINDOWS\system32\svchost.exe[2656] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0008C144
    .text C:\WINDOWS\system32\svchost.exe[2656] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00082AE0
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000904AD
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00090406
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0009037A
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0009044B
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0009046E
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0009039C
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00090428
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000903E2
    .text C:\WINDOWS\system32\svchost.exe[2656] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000903BE
    .text C:\WINDOWS\system32\svchost.exe[2736] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00082F90
    .text C:\WINDOWS\system32\svchost.exe[2736] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\system32\svchost.exe[2736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0008DEDD
    .text C:\WINDOWS\system32\svchost.exe[2736] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0008E012
    .text C:\WINDOWS\system32\svchost.exe[2736] WS2_32.dll!send 71AB428A 5 Bytes JMP 0008C178
    .text C:\WINDOWS\system32\svchost.exe[2736] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0008C195
    .text C:\WINDOWS\system32\svchost.exe[2736] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0008C144
    .text C:\WINDOWS\system32\svchost.exe[2736] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00082AE0
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000904AD
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00090406
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0009037A
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0009044B
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0009046E
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0009039C
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00090428
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000903E2
    .text C:\WINDOWS\system32\svchost.exe[2736] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000903BE
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00132F90
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001330EE
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013DEDD
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0013E012
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WS2_32.dll!send 71AB428A 5 Bytes JMP 0013C178
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0013C195
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0013C144
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00132AE0
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 001404AD
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00140406
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0014037A
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0014044B
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0014046E
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0014039C
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00140428
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 001403E2
    .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2812] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 001403BE
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00072F90
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007DEDD
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0007E012
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WS2_32.dll!send 71AB428A 5 Bytes JMP 0007C178
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0007C195
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0007C144
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00072AE0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000804AD
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00080406
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0008037A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0008044B
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0008046E
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0008039C
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00080428
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000803E2
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2976] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000803BE
    .text C:\WINDOWS\system32\igfxext.exe[3152] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0119B8B5
    .text C:\WINDOWS\system32\igfxext.exe[3152] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001430EE
    .text C:\WINDOWS\system32\igfxext.exe[3152] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0119BA9B
    .text C:\WINDOWS\system32\igfxext.exe[3152] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0119BB3D
    .text C:\WINDOWS\system32\igfxext.exe[3152] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 011A1E92
    .text C:\WINDOWS\system32\igfxext.exe[3152] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 011A1FF9
    .text C:\WINDOWS\system32\igfxext.exe[3152] WS2_32.dll!send 71AB428A 5 Bytes JMP 011932E5
    .text C:\WINDOWS\system32\igfxext.exe[3152] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01193306
    .text C:\WINDOWS\system32\igfxext.exe[3152] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 011932AD
    .text C:\WINDOWS\system32\igfxext.exe[3152] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 011966C1
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0119982F
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0119977A
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01199557
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01199803
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01199737
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011995AB
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 011997B9
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0119969B
    .text C:\WINDOWS\system32\igfxext.exe[3152] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 011995FF
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0124B8B5
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001330EE
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0124BA9B
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 0124BB3D
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01251E92
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01251FF9
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WS2_32.dll!send 71AB428A 5 Bytes JMP 012432E5
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01243306
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 012432AD
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 012466C1
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 0124982F
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 0124977A
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01249557
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 01249803
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 01249737
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 012495AB
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 012497B9
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 0124969B
    .text C:\WINDOWS\system32\igfxsrvc.exe[3216] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 012495FF
    .text C:\WINDOWS\system32\wscntfy.exe[3524] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00AAB8B5
    .text C:\WINDOWS\system32\wscntfy.exe[3524] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000730EE
    .text C:\WINDOWS\system32\wscntfy.exe[3524] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00AABA9B
    .text C:\WINDOWS\system32\wscntfy.exe[3524] kernel32.dll!GetFileAttributesExW 7C8110F5 5 Bytes JMP 00AABB3D
    .text C:\WINDOWS\system32\wscntfy.exe[3524] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00AB1E92
    .text C:\WINDOWS\system32\wscntfy.exe[3524] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00AB1FF9
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WS2_32.dll!send 71AB428A 5 Bytes JMP 00AA32E5
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00AA3306
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00AA32AD
    .text C:\WINDOWS\system32\wscntfy.exe[3524] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00AA66C1
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 00AA982F
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00AA977A
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00AA9557
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 00AA9803
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 00AA9737
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00AA95AB
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00AA97B9
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 00AA969B
    .text C:\WINDOWS\system32\wscntfy.exe[3524] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 00AA95FF
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00152F90
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001530EE
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0015DEDD
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0015E012
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WS2_32.dll!send 71AB428A 5 Bytes JMP 0015C178
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0015C195
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0015C144
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00152AE0
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 001604AD
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00160406
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0016037A
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0016044B
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0016046E
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0016039C
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00160428
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 001603E2
    .text C:\DOCUME~1\Mandy\LOCALS~1\Temp\RtkBtMnt.exe[3616] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 001603BE
    .text C:\WINDOWS\system32\msiexec.exe[3756] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00082F90
    .text C:\WINDOWS\system32\msiexec.exe[3756] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\system32\msiexec.exe[3756] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0008DEDD
    .text C:\WINDOWS\system32\msiexec.exe[3756] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0008E012
    .text C:\WINDOWS\system32\msiexec.exe[3756] WS2_32.dll!send 71AB428A 5 Bytes JMP 0008C178
    .text C:\WINDOWS\system32\msiexec.exe[3756] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0008C195
    .text C:\WINDOWS\system32\msiexec.exe[3756] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0008C144
    .text C:\WINDOWS\system32\msiexec.exe[3756] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00082AE0
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000904AD
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00090406
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0009037A
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0009044B
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0009046E
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0009039C
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00090428
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000903E2
    .text C:\WINDOWS\system32\msiexec.exe[3756] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000903BE
    .text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00082F90
    .text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000830EE
    .text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0008DEDD
    .text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 0008E012
    .text C:\WINDOWS\System32\alg.exe[3960] WS2_32.dll!send 71AB428A 5 Bytes JMP 0008C178
    .text C:\WINDOWS\System32\alg.exe[3960] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0008C195
    .text C:\WINDOWS\System32\alg.exe[3960] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0008C144
    .text C:\WINDOWS\System32\alg.exe[3960] CRYPT32.dll!PFXImportCertStore 77AEF748 5 Bytes JMP 00082AE0
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!HttpQueryInfoA 63017353 5 Bytes JMP 000904AD
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!InternetReadFile 6301AC9D 5 Bytes JMP 00090406
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 0009037A
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!InternetQueryDataAvailable 6301FEB1 5 Bytes JMP 0009044B
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!InternetCloseHandle 63020A61 5 Bytes JMP 0009046E
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 0009039C
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!InternetReadFileExA 630337B6 5 Bytes JMP 00090428
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!HttpSendRequestExA 6308A9EE 5 Bytes JMP 000903E2
    .text C:\WINDOWS\System32\alg.exe[3960] WININET.dll!HttpSendRequestExW 6308AA47 5 Bytes JMP 000903BE

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

    AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a4fde349 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce@F ????????? ????????????????????????????????\U&????????????????????1??????1???????1???????? ??????????????????? ??????????????????????????????N?DO ???????23???????????s???d??????????????????????????? ????????????????????????????????\U&????????????????????1????????????N?????????RstrCC.RstrProgress?1?????N??????????????????=???????S???????????????????????????????????E???????????????????????????????????????????????;??????????????????????????????????????????RstrCC.RstrProgress.1???????? ??????????????????????????????????????????????????????? ??????????????????????????????l?in?????????_??C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll???"C:\Program Files\Java\jre6\bin\javaw.exe" -jar "%1" %*?%1??? ??????????????????????????????,???&???????????????????????? ??????????????????????????????^???????????????2449????? ??????????????????????????????????&???????????????????????????? ??????????????????????????????????&???????????????????????? ??????????????????????????????????&???????????????????????? ?????????????????

    ---- EOF - GMER 1.0.15 ----

    That's the last one!!!
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Quite a job, huh? Welcome to TechSpot. I'll help you sort through the malware. Most of what I see in Mbam is Hotbar and MyWebSearch. I did see one entry though that you need to be aware of:
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

    We don't know if or what data may have been stolen, but I did advise you to change all your passwords. If you have online financial transactions, monitor them carefully. There was also a Backdoor.bot.

    Note regarding following instructions below: If you do not have a functioning antivirus program running on the system, please do not connect to the internet. check 'Work Offline' in the File drop down menu:
    Download Combofix and the Eset scan to a flash drive, then install on the problem computer and run whi;e offline.
    1. You have Mbam installed already- just don't do the update.
    2. You have DDS installed- is that correct? So you can try to run the can while offline.
    This system was badly infected.The Security Center is only a part. Was there no antivirus running on the computer? Is there a reason why you ran Malwarebytes in Safe Mode? I'd like you to reboot the computer, then run Malwarebytes again, in Normal Mode.

    When you have finished, please try DDS again.

    Then Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =======================================
    Follow with download of ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..

    Please read our instructions carefully. They will advise if you should run something in Safe Mode. And there is a line in GMER saying not to check 'show all.' I think you might have missed that.

    Even with so many logs, I have very little information about the system so it's important to get DDS out also.
  10. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    Hi,

    I ran Malwarebytes in safe mode as I couldn't run it in normal mode due to the Security Center stopping it prematurely with it's own fake virus warnings.
    Unfortunately I don't know why it has no antivirus on, it's not my laptop, I'm just helping them to get it sorted!

    I'll follow your latest instructions and report back, thanks for the quick response.

    Phil
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Unless you get an antivirus program on this system, it's a waste of time to try and clean it-unless you disconnect from the internet and use a flash drive for the downloads. Without an antivirus program, any connection to the internet will allow malware.

    My suggestion would be to wipe the drive, reformat, reinstall and put proper security on the system.
     
  12. FlyerPhil

    FlyerPhil Newcomer, in training Topic Starter Posts: 19

    Hi Bobbye,

    I went back to the owners and advised they do exactly that. They're in the process of changing passwords to anything they logged into on it.

    I found out why there was no antivirus on. Apparently they were running out of disk space (it's an old laptop with a smaill HDD) so they tried uninstalling some programs to free up space. You can guess what they chose to uninstall :rolleyes:

    Anyway, thanks for your help, it was much appreciated :grinthumb

    Phil
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thanks for the update Phil. Hopefully they now understand that they get rid of Toolbars and BHOs and a gazillion other things instead of the antivirus program! And perhaps they can consider an external hard drive.

    I'm going to close this thread as I don't see any other solution but to start over and do it right!
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.