fake antivirus popup

I tried to download a couple of different antivirus programs to replace it but was unable to  due to windows firewall..

Are you able to post a log?

Please Read This Before Posting For Malware Removal Help

the exact same program got me.  i restored my system to a previously set point in time and it disappeared.  click programs, accessories, system tools, system restore, and let windows restore your system to a previous time.  you will lose anything that was put on your computer from the restore date to now, but it will get rid of that virus.  just make sure you go back before you got infected.   good luck

I am not sure going to back to a restore point will solve this problem - from what I understand this kind of virus buries itself and is hard to remove.  Everything I have been able to find out about it leads me to believe you have wipe your computer clean and then reinstall Windows.  I am in the process of sending my log so that it can looked over by a tech.  I would probably check more closely because you are not only getting malware but also spyware.  Make sure you make the discs from Dells Datasafe as this will help with the process - I am hoping I will not have to do this but rather be safe than not.

I'm not a Dell Tech, but I can tell you that Hijackthis was not built to run on Windows 7, so that won't be much help. I wish you had told us you were running Win 7 when you first posted. Now that you have edited to include the log, I have a bit more info.

Try a scan with MBAM. * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned below to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself.
• Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates,
• manually download them from here
  and just double-click on mbam-rules.exe to install.
  Alternatively, you can update through MBAM's interface from a clean computer,
  copy the definitions (rules.ref) located in
  C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
  Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top.
• It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully.
• Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report into your next reply and exit MBAM. We may have to remove this manually if that does not work.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

**If you need to re-install MBAM but encounter issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE

Thankyou for your help I follow your instructions  I am posting the results........What should I do now  Thankyou

nternet Explorer 8.0.7600.16385

2/24/2010 11:39:48 AM
mbam-log-2010-02-24 (11-39-48).txt

Scan type: Quick Scan
Objects scanned: 97670
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2372496266-1293665413-2271099843-1000\$RDGPNMW.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\wendy\downloads\regtool.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

here are the scan logs you requested

DDS (Ver_09-12-01.01) - NTFSX64 
Run by wendy at 12:28:36.70 on Wed 02/24/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4057.2586 [GMT -8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\vds.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\wendy\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/ig?hl=en
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [systray] c:\program files (x86)\dell\dell mobile broadband\systray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\wendy\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellto~1.lnk - c:\program files (x86)\dell touch zone\fingertapps.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2010-2-22 33800]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-30 55280]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2009-7-15 27648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-9-30 656624]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\dell\dell wwan\wmcore\mini_wmcore.exe servicemode --> c:\program files (x86)\dell\dell wwan\wmcore\mini_WMCore.exe servicemode [?]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2009-9-30 23912]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-30 172704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 138752]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-9-30 5435904]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2009-9-30 69152]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-19 314400]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-5 135664]

=============== Created Last 30 ================

2010-02-24 19:33:43 0 d-----w- c:\users\wendy\appdata\roaming\Malwarebytes
2010-02-24 19:33:37 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 19:33:37 0 d-----w- c:\programdata\Malwarebytes
2010-02-24 19:33:37 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-02-24 16:45:12 0 d-----w- c:\program files (x86)\Trend Micro
2010-02-23 07:38:17 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-02-23 07:38:07 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-22 22:59:13 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2010-02-22 22:59:12 0 d-----w- c:\program files (x86)\Panda Security
2010-02-22 17:19:32 0 d-----w- c:\program files (x86)\Anti-Virus Elite
2010-02-20 23:57:00 74471 ----a-w- c:\users\wendy\.recently-used.xbel
2010-02-20 08:34:33 0 d-----w- c:\users\wendy\appdata\roaming\Reg-Tool
2010-02-20 08:34:25 0 d-----w- c:\program files (x86)\Reg-Tool
2010-02-20 06:17:37 0 ----a-w- c:\windows\syswow64\config.nt
2010-02-20 06:17:17 0 d-----w- c:\programdata\Alwil Software
2010-02-20 06:17:17 0 d-----w- c:\program files\Alwil Software
2010-02-11 04:38:48 132 ----a-w- c:\users\wendy\.gtk-bookmarks
2010-02-09 04:17:44 0 d-----w- c:\programdata\LogiShrd
2010-02-09 04:17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-09 04:17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-09 04:17:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-02-09 04:17:01 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-09 04:17:00 96272 ----a-w- c:\windows\system32\KemXML.dll
2010-02-09 04:17:00 235536 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-09 04:17:00 235536 ----a-w- c:\windows\system32\kemutb.dll
2010-02-09 04:17:00 159248 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-09 04:16:54 0 d-----w- c:\programdata\Logitech
2010-02-09 04:16:52 0 d-----w- c:\program files\common files\Logishrd
2010-02-09 04:16:50 0 d-----w- c:\program files\Logitech
2010-02-05 01:55:49 0 d-----w- c:\users\wendy\appdata\roaming\Dell Touch Zone
2010-02-05 01:55:47 0 d-----w- c:\program files (x86)\Dell Touch Zone
2010-02-05 01:42:23 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-02-04 07:29:36 756 ----a-w- c:\users\wendy\appdata\roaming\wklnhst.dat
2010-02-02 02:32:44 0 d-----w- c:\programdata\CyberLink
2010-02-02 01:51:25 0 d--h--w- c:\programdata\CanonBJ
2010-02-01 17:41:01 0 d-----w- c:\users\wendy\appdata\roaming\Roxio Log Files
2010-02-01 06:40:23 15168 ----a-w- c:\windows\system32\results.xml
2010-02-01 06:36:07 0 d-----w- c:\windows\syswow64\SDA
2010-02-01 06:36:07 0 d-----w- c:\program files (x86)\O2Micro
2010-02-01 06:33:50 0 d-----w- c:\program files\IDT
2010-02-01 06:31:55 0 d-----w- c:\program files\ATI Technologies
2010-02-01 06:31:52 0 d-----w- c:\program files\ATI
2010-02-01 06:28:52 5120 ----a-w- c:\windows\system32\HdmiCoin.dll
2010-02-01 06:28:52 138752 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2010-02-01 06:26:00 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-02-01 06:25:11 0 d-----w- c:\program files (x86)\Realtek
2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\Telespree
2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\common files\Zeepe Framework 7
2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\common files\Telespree
2010-02-01 06:21:30 0 d-----w- c:\programdata\Novatel Wireless
2010-01-31 10:04:19 0 d-----w- c:\programdata\NOS
2010-01-27 17:39:06 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 17:39:06 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 17:39:06 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-27 07:52:34 0 d-----w- c:\users\wendy\.thumbnails
2010-01-27 07:19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-01-27 07:02:40 0 d-----w- c:\users\wendy\.gimp-2.6
2010-01-27 07:02:03 0 d-----w- c:\program files (x86)\GIMP-2.0
2010-01-27 05:59:44 0 d-----w- C:\Temp

==================== Find3M  ====================

2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-22 19:54:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-14 19:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-08 03:38:32 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:38:28 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll
2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe
2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll
2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe
2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe
2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-15 10:35:32 760344 ----a-w- c:\windows\syswow64\igxpun.exe
2009-12-15 10:35:32 166424 ----a-w- c:\windows\system32\igfxtray.exe
2009-12-15 10:35:30 510488 ----a-w- c:\windows\system32\igfxsrvc.exe
2009-12-15 10:35:30 3126808 ----a-w- c:\windows\system32\GfxUI.exe
2009-12-15 10:35:28 410136 ----a-w- c:\windows\system32\igfxpers.exe
2009-12-15 10:35:28 390680 ----a-w- c:\windows\system32\hkcmd.exe
2009-12-15 10:35:28 222744 ----a-w- c:\windows\system32\igfxext.exe
2009-12-15 10:35:28 152600 ----a-w- c:\windows\system32\difx64.exe
2009-12-15 10:30:28 91136 ----a-w- c:\windows\system32\igfxCoIn_v2021.dll
2009-12-15 10:26:42 5968896 ----a-w- c:\windows\system32\igdumd64.dll
2009-12-15 10:25:06 982224 ----a-w- c:\windows\syswow64\igkrng500.bin
2009-12-15 10:25:06 982224 ----a-w- c:\windows\system32\igkrng500.bin
2009-12-15 10:25:06 92292 ----a-w- c:\windows\syswow64\igfcg500m.bin
2009-12-15 10:25:06 92292 ----a-w- c:\windows\system32\igfcg500m.bin
2009-12-15 10:25:06 439336 ----a-w- c:\windows\syswow64\igcompkrng500.bin
2009-12-15 10:25:06 439336 ----a-w- c:\windows\system32\igcompkrng500.bin
2009-12-15 10:21:26 4499456 ----a-w- c:\windows\syswow64\igdumd32.dll
2009-12-15 10:16:04 550912 ----a-w- c:\windows\syswow64\igdumdx32.dll
2009-12-15 10:15:04 4099072 ----a-w- c:\windows\system32\igd10umd64.dll
2009-12-15 10:12:00 3896832 ----a-w- c:\windows\syswow64\igd10umd32.dll
2009-12-15 10:08:14 5517312 ----a-w- c:\windows\system32\ig4dev64.dll
2009-12-15 10:07:26 8129024 ----a-w- c:\windows\system32\ig4icd64.dll
2009-12-15 10:02:20 4077568 ----a-w- c:\windows\syswow64\ig4dev32.dll
2009-12-15 10:02:06 6060032 ----a-w- c:\windows\syswow64\ig4icd32.dll
2009-12-15 09:53:30 377856 ----a-w- c:\windows\system32\igfxTMM.dll
2009-12-15 09:53:30 27648 ----a-w- c:\windows\system32\igfxexps.dll
2009-12-15 09:53:28 248320 ----a-w- c:\windows\system32\igfxpph.dll
2009-12-15 09:53:10 61440 ----a-w- c:\windows\system32\igfxsrvc.dll
2009-12-15 09:52:44 108544 ----a-w- c:\windows\system32\hccutils.dll
2009-12-15 09:52:34 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2009-12-15 09:52:34 268800 ----a-w- c:\windows\system32\igfxdev.dll
2009-12-15 09:52:34 119296 ----a-w- c:\windows\system32\gfxSrvc.dll
2009-12-15 09:52:08 9014784 ----a-w- c:\windows\system32\igfxress.dll
2009-12-15 09:52:08 142336 ----a-w- c:\windows\system32\igfxdo.dll
2009-12-15 09:48:30 59392 ----a-w- c:\windows\syswow64\oemdspif.dll
2009-12-15 09:47:36 226304 ----a-w- c:\windows\syswow64\igfxdv32.dll
2009-12-15 09:42:44 208896 ----a-w- c:\windows\syswow64\iglhsip32.dll
2009-12-15 09:42:44 205824 ----a-w- c:\windows\system32\iglhsip64.dll
2009-12-15 09:42:44 187392 ----a-w- c:\windows\system32\iglhcp64.dll
2009-12-15 09:42:44 143360 ----a-w- c:\windows\syswow64\iglhcp32.dll
2009-12-13 09:46:36 960512 ----a-w- c:\windows\system32\CPFilters.dll
2009-12-13 09:46:36 613888 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-13 09:46:34 552960 ----a-w- c:\windows\system32\msdri.dll
2009-12-13 09:30:50 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2009-12-13 09:30:50 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-12-03 17:27:28 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2009-12-03 17:27:28 104480 ----a-w- c:\windows\system32\RTNUninst64.dll
2009-12-02 08:17:14 716800 ----a-w- c:\windows\syswow64\jscript.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-30 23:20:52 75 --sh--r- c:\windows\CT4CET.bin
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:28:48.46 ===============

We need to see some additional information about what is happening in your machine.

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.
• Click Yes at the prompt for Optional Scan.
• When done, DDS will open two (2) logs

• 1. DDS.txt
  2. Attach.txt

• Save both reports to your desktop.
• Copy/paste both logs to your reply on the forum.
• Close the program window, and delete the program from your desktop.

• Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

i hope I have gotten right just let me know

NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2010 7:25:24 PM
System Uptime: 2/24/2010 12:15:52 PM (1 hours ago)

Motherboard: Dell Inc. |  | 0G914P
Processor: Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz | U2E1 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 420.051 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP23: 2/7/2010 1:07:36 AM - Restore Operation
RP24: 2/8/2010 7:55:51 AM - Windows Update
RP27: 2/11/2010 9:14:02 AM - Windows Update
RP28: 2/13/2010 3:00:20 AM - Windows Update
RP29: 2/15/2010 2:44:54 PM - Windows Update
RP30: 2/18/2010 2:14:19 PM - Windows Update
RP31: 2/19/2010 10:17:07 PM - avast! Free Antivirus Setup
RP32: 2/19/2010 11:29:24 PM - avast! Free Antivirus Setup
RP33: 2/20/2010 12:34:11 AM - Installed Reg-Tool
RP34: 2/20/2010 12:37:59 AM - Removed Reg-Tool
RP35: 2/20/2010 12:38:54 AM - Removed Reg-Tool
RP36: 2/20/2010 12:39:38 AM - Removed Reg-Tool
RP37: 2/20/2010 12:40:35 AM - Removed Reg-Tool
RP38: 2/22/2010 12:34:39 AM - Installed Device Package
RP39: 2/22/2010 10:27:27 PM - Windows Update
RP40: 2/22/2010 11:41:49 PM - Windows Update
RP41: 2/23/2010 9:16:45 AM - Windows Update
RP42: 2/23/2010 2:02:24 PM - Windows Update
RP43: 2/23/2010 11:22:45 PM - Windows Update
RP44: 2/24/2010 12:26:47 PM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Advanced Audio FX Engine
Banctec Service Agreement
Choice Guard
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Driver Download Manager
Dell Getting Started Guide
Dell Mobile Broadband Card Utility
Dell Support Center (Support Software)
Dell Webcam Central
Dell Wireless HSPA Mini-Card Drivers
erLT
GIMP 2.6.8
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HijackThis 2.0.2
IDT Audio
Internet TV for Windows Media Center
IrfanView (remove only)
Java(TM) 6 Update 14
Junk Mail filter update
Live! Cam Avatar Creator
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
O2Micro Flash Memory Card Windows Driver
PowerDVD DX
Realtek 8136 8168 8169 Ethernet Driver
Roxio Burn
Roxio Update Manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
Yahoo! BrowserPlus

==== Event Viewer Messages From Past Week ========

2/24/2010 7:16:15 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2/24/2010 7:15:48 AM, Error: Application Popup [877]  - There was error [DATABASE OPEN FAILED] processing the driver database.
2/24/2010 12:16:23 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
2/24/2010 12:16:23 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address 192.168.1.66, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
2/24/2010 11:00:20 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMCoreService service.
2/24/2010 1:04:05 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer JENNIFER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D1E3EF46-0927-45F8-9C36-4FCBC559C90B}. The master browser is stopping or an election is being forced.
2/22/2010 9:19:48 AM, Error: Application Popup [1060]  - \??\C:\Users\wendy\AppData\Local\Temp\mc25691.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/20/2010 12:03:52 AM, Error: Service Control Manager [7024]  - The Norton Internet Security service terminated with service-specific error %%-1.
2/19/2010 10:24:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x0000000000000064, 0x0000000000000002, 0x0000000000000000, 0xfffff880074d588e). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021910-22900-01.
2/19/2010 10:15:56 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address 169.254.29.229, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

==== End Of File ===========================

I cannot open that. Please copy and paste it into your reply.

Yes, that's all we need for now.

Wow, that  IS a new computer. I'm sure you have discovered that the internet is not as safe as it was back in the Windows 98 days. I'll give you some prevention tips when we are finished.

I will post more instructions after I review the logs. Give me a couple of hours. In the meantime, disconnect from the internet. Your security on there at the moment is very lacking and that computer is vulnerable.

Please post your Attach.txt. Thanks.

http://en.community.dell.com/cfs-file.ashx/__key/CommunityServer.Discussions.Components.Files/3521/4503.Attach-reports.txt

I hope this is what you want - if you need for me to paste in the whole report text please let me know I am keeping an eye on this so I can do whatever as soon as you need it-Thankyou

I hate admitting it but I haven't had a new computer since windows 98SE came out (pretty bad)  It pretty much has done the trick up til a couple of years ago.  And I never had problems with it when I was online I kept it pretty clean up.  Well I am learning an awful lot about how bad the internet has gotten since I last used it.  Thankyou for your help and I will keep an eye out for your next post. /wendy

By default, the built-in administrator account is named Administrator, and is disabled. Please enable it and login as Administrator.
To do that try the first option shown here: http://www.sevenforums.com/tutorials/507-built-administrator-account-enable-disable.html

Next, reboot into Safemode as follows:

Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows 7 Advanced Boot Options.

Select the Safe Mode option using the arrow keys.

Then press the enter key on your keyboard to boot into Windows 7 Safe Mode. Be patient whilethe drivers load. Let Windows do its thing. the screen will look a bit different, but  when Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.

Please open Task Manager using Ctrl + Shift + Esc

Look for this process and End Task:
Anti-Virus Elite.exe unins000.exe

Browse to and delete these Folders in red text if they exist:
C:\Documents and Settings\All Users\Start Menu\Programs\Anti-Virus Elite
C:\Program Files\Anti-Virus Elite

Reboot into normal mode.

Go back and disable the Admin Account. Log out.

Login with your normal user account.

Malwarebytes should have found and removed Anti-Virus Elite. Please open MBAM. Go to the Update Tab. Click on Update. Make sure MBAM has been updated, and run another scan. The top of your MBAM log was cut off earlier. Make sure you post the entire log. Thanks.

Let me know how things are running at that point. Does Anti-Virus Elite seem to be gone?

sorry this took so long I didn't quite get the adminstrator but I think I finally figured it out.  I went into safe mode and could not find the Anti-Virus Elite.exe unins000.exe in processes.  I did do a search on the different files and found some files on the C: drive.  I tried to delete but kept receiving  an error message  ERROR OX800004002.

I went from safe mode to normal mode and rescanned - below is the log.  If I did anything wrong and I will redo it.  This has been a huge learning experience for me and I very much appreciate your help just let me know what I need to do and it is done.

Malwarebytes' Anti-Malware 1.44
Database version: 3788
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/24/2010 9:51:42 PM
mbam-log-2010-02-24 (21-51-42).txt

Scan type: Quick Scan
Objects scanned: 97587
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3786
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/24/2010 11:39:48 AM
mbam-log-2010-02-24 (11-39-48).txt

Scan type: Quick Scan
Objects scanned: 97670
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2372496266-1293665413-2271099843-1000\$RDGPNMW.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\wendy\downloads\regtool.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.