Can You Check This For Me? [RESOLVED]



Hello, I am running Vista Home Basic, so I could not run or install ERUNT. I did, however, do the rest of them. My PC is running really weird, so if you can find anything wrong please let me know. Thanks!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:37:50 PM, on 2/1/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\ScanSoft\OmniPageSE4.0

\OpWareSE4.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Common Files\AOL\1203538677

\ee\aolsoftware.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Discover\SOAN\SOAN.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifi

er.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\NetZero\qsacc\x1exec.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEUser.exe

C:\WINDOWS\System32\OBroker.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\PopCap Games\Dynomite

Deluxe\Dynomite.exe

C:\Downloads\Software\HJTInstall(1).exe

C:\WINDOWS\explorer.exe

C:\Downloads\Software\HJTInstall.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.webshots.com/r/internal/start/client/RAND

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.gateway.com/g/startpage.html?

Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://my.netzero.net/s/search?r=minisearch

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.gateway.com/g/startpage.html?

Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604

R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =

R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Inter

net Settings,ProxyServer = http=127.0.0.1:7900

R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Inter

net Settings,ProxyOverride =

64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.

com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.

com;*wustat.windows.com;*.pogo.com;*test-

speed.com;liveupdate.symantecliveupdate.com;*symante

c.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;

cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;

<local>

R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: URLSearchHook Class -

{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -

C:\Program Files\NetZero\SearchEnh1.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-

4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0

\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-

A615-E903858CF284} - C:\Program

Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-

0411-48E4-9AAF-4BC42A6A46BE} - C:\Program

Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-

B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0

\bin\ssv.dll

O2 - BHO: Discover deskshop Browser Helper Object -

{8DB3D69D-DA5E-4165-B781-72A761790672} -

C:\Windows\system32\BhoDshop.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-

4D26-9990-79A187E2698E} - C:\PROGRA~1

\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-

4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-

7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Browser Address Error Redirector -

{CA6319C0-31B7-401E-A518-A07C3DB8F777} -

c:\google\BAE.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-

7E43-44FA-9FAA-8377850BF205} - C:\Program

Files\Free Download Manager\iefdm2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-

AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy

-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-

009027A5CD4F} - c:\program

files\google\googletoolbar2.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-

56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC

-4D26-9990-79A187E2698E} - C:\PROGRA~1

\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %

ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [bigFix] c:\program

files\Bigfix\bigfix.exe /atstartup

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program

Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding

-boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program

Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program

Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32

\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds]

C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32

\igfxpers.exe

O4 - HKLM\..\Run: [HostManager] C:\Program

Files\Common Files\AOL\1203538677

\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1

\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [secure Online Account Numbers]

C:\PROGRA~1\Discover\SOAN\SOAN.exe

/dontopenmycards

O4 - HKCU\..\Run: [Free Download Manager]

"C:\Program Files\Free Download Manager\fdm.exe" -

autorun

O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifi

er.exe

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program

Files\NetZero\exec.exe regrun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%

\Windows Sidebar\Sidebar.exe /detectMem (User

'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter]

rundll32.exe oobefldr.dll,ShowWelcomeCenter (User

'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%

\Windows Sidebar\Sidebar.exe /detectMem (User

'NETWORK SERVICE')

O4 - Global Startup: BigFix.lnk = C:\Program

Files\BigFix\bigfix.exe

O8 - Extra context menu item: Display All Images with Full

Quality - res://C:\Program

Files\NetZero\qsacc\appres.dll/228

O8 - Extra context menu item: Display Image with Full

Quality - res://C:\Program

Files\NetZero\qsacc\appres.dll/227

O8 - Extra context menu item: Download all with Free

Download Manager - file://C:\Program Files\Free

Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with

Free Download Manager - file://C:\Program Files\Free

Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free

Download Manager - file://C:\Program Files\Free

Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free

Download Manager - file://C:\Program Files\Free

Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel

- res://C:\PROGRA~1\MICROS~2\Office12

\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0

\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-

4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-

B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2

\Office12\REFIEBAR.DLL

O9 - Extra button: Secure Online Account Numbers -

{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} -

C:\PROGRA~1\Discover\SOAN\SOAN.exe

O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: *.netzero.com

O15 - Trusted Zone: *.netzero.net

O16 - DPF: {0E5F0222-96B9-11D3-8997-

00104BD12D94} (PCPitstop Utility) -

http://utilities.pcpitstop.com/da/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-

9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/kos/eng/partner/default/kavwe

bscan_unicode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-

4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -

http://acs.pandasoftware.com/activescan/cabs/as2stubie.

cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26F9F739

-EFB1-4473-A747-025C1D26C0D4}: NameServer =

64.136.44.74 64.136.52.74

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-

A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8

\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1

\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: AOL Connectivity Service (AOL ACS) -

AOL LLC - C:\Program Files\Common

Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG

Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8

\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG

Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8

\avgwdsvc.exe

O23 - Service: GoogleDesktopManager - Google -

C:\Program Files\Google\Google Desktop

Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google

- C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. -

C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9976 bytes

Malwarebytes' Anti-Malware 1.33

Database version: 1654

Windows 6.0.6000

2/2/2009 8:07:16 AM

mbam-log-2009-02-02 (08-07-16).txt

Scan type: Quick Scan

Objects scanned: 48374

Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Edited by wra122

I turned off my antivirus, but now when it tries to open, Windows says the program stopped working and they will let me know if they find a solution. As you can see, I am a computer dummy or I would know how to get around this.


It's fine.

Open Notepad, click Format, uncheck Word Wrap.

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


I did the ATF Cleaner, Malwarebytes, and I tried 3 times to run the Kaspersky scan. I am on dial-up, so it kept knocking me offline before it could finish loading. 1st time was 2 hours, 2nd time 1.5 hours, 3rd time I thought it was going to work, 3 hours and off again. Is there a shorter one that I can load?


Yes, you can do this one offline.

Can you post the MBAM log?

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double-click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left unneutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.


Here is the log you asked for. I hope I can download the AVP Tool offline, because it started downloading at 12 hours remaining.

Malwarebytes' Anti-Malware 1.33

Database version: 1654

Windows 6.0.6000

2/1/2009 11:07:08 AM

mbam-log-2009-02-01 (11-07-08).txt

Scan type: Quick Scan

Objects scanned: 48435

Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 23

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


If you can't get it working, just do this.

Hello

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Thanks for being SO patient! Here are the files.

OTListIt logfile created on: 2/5/2009 10:22:34 AM - Run

OTListIt2 by OldTimer - Version 2.0.0.5 Folder = C:\Users\Owner\Desktop

Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16764)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.43 Mb Total Physical Memory | 417.83 Mb Available Physical Memory | 41.23% Memory free

2.22 Gb Paging File | 1.51 Gb Available in Paging File | 68.09% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 95.31 Gb Total Space | 53.16 Gb Free Space | 55.78% Space Free | Partition Type: NTFS

Drive D: | 28.74 Gb Total Space | 20.34 Gb Free Space | 70.76% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WANDA-PC

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\WINDOWS\System32\wininit.exe (Microsoft Corporation)

C:\WINDOWS\System32\lsm.exe (Microsoft Corporation)

C:\WINDOWS\System32\audiodg.exe (Microsoft Corporation)

C:\WINDOWS\System32\SLsvc.exe (Microsoft Corporation)

C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

C:\WINDOWS\System32\SearchIndexer.exe (Microsoft Corporation)

C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

C:\WINDOWS\System32\taskeng.exe (Microsoft Corporation)

C:\WINDOWS\System32\dwm.exe (Microsoft Corporation)

C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

C:\Program Files\Common Files\AOL\1203538677\ee\aolsoftware.exe (America Online, Inc.)

C:\Program Files\Discover\SOAN\SOAN.exe (Orbiscom Ltd. All rights reserved.)

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)

C:\Users\Owner\Desktop\OTListIt22.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AeLookupSvc [Auto | Running]) -- C:\WINDOWS\System32\aelupsvc.dll (Microsoft Corporation)

SRV - (AOL ACS [On_Demand | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)

SRV - (Appinfo [On_Demand | Running]) -- C:\WINDOWS\System32\appinfo.dll (Microsoft Corporation)

SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (BFE [Auto | Running]) -- C:\WINDOWS\System32\BFE.DLL (Microsoft Corporation)

SRV - (CertPropSvc [unknown | Stopped]) -- C:\WINDOWS\System32\certprop.dll (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (DFSR [On_Demand | Stopped]) -- C:\WINDOWS\System32\dfsr.exe (Microsoft Corporation)

SRV - (DPS [unknown | Running]) -- C:\WINDOWS\System32\dps.dll (Microsoft Corporation)

SRV - (EMDMgmt [Auto | Running]) -- C:\WINDOWS\System32\emdmgmt.dll (Microsoft Corporation)

SRV - (fdPHost [On_Demand | Stopped]) -- C:\WINDOWS\System32\fdPHost.dll (Microsoft Corporation)

SRV - (FDResPub [Auto | Running]) -- C:\WINDOWS\System32\FDResPub.dll (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)

SRV - (gpsvc [unknown | Running]) -- C:\WINDOWS\System32\gpsvc.dll (Microsoft Corporation)

SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (IKEEXT [Auto | Running]) -- C:\WINDOWS\System32\IKEEXT.DLL (Microsoft Corporation)

SRV - (IPBusEnum [On_Demand | Stopped]) -- C:\WINDOWS\System32\IPBusEnum.dll (Microsoft Corporation)

SRV - (iphlpsvc [Auto | Running]) -- C:\WINDOWS\System32\iphlpsvc.dll (Microsoft Corporation)

SRV - (KtmRm [Auto | Running]) -- C:\WINDOWS\System32\msdtckrm.dll (Microsoft Corporation)

SRV - (lltdsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\lltdsvc.dll (Microsoft Corporation)

SRV - (MMCSS [Auto | Running]) -- C:\WINDOWS\System32\mmcss.dll (Microsoft Corporation)

SRV - (MpsSvc [Auto | Running]) -- C:\WINDOWS\System32\MPSSVC.dll (Microsoft Corporation)

SRV - (MSiSCSI [On_Demand | Stopped]) -- C:\WINDOWS\System32\iscsiexe.dll (Microsoft Corporation)

SRV - (netprofm [Auto | Running]) -- C:\WINDOWS\System32\netprofm.dll (Microsoft Corporation)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NlaSvc [Auto | Running]) -- C:\WINDOWS\System32\nlasvc.dll (Microsoft Corporation)

SRV - (nsi [Auto | Running]) -- C:\WINDOWS\System32\nsisvc.dll (Microsoft Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (p2pimsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\p2psvc.dll (Microsoft Corporation)

SRV - (p2psvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\p2psvc.dll (Microsoft Corporation)

SRV - (PcaSvc [Auto | Running]) -- C:\WINDOWS\System32\pcasvc.dll (Microsoft Corporation)

SRV - (pla [On_Demand | Stopped]) -- C:\WINDOWS\System32\pla.dll (Microsoft Corporation)

SRV - (PlugPlay [Auto | Running]) -- C:\WINDOWS\System32\umpnpmgr.dll (Microsoft Corporation)

SRV - (PNRPAutoReg [On_Demand | Stopped]) -- C:\WINDOWS\System32\p2psvc.dll (Microsoft Corporation)

SRV - (PNRPsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\p2psvc.dll (Microsoft Corporation)

SRV - (PolicyAgent [Auto | Running]) -- C:\WINDOWS\System32\IPSECSVC.DLL (Microsoft Corporation)

SRV - (ProfSvc [Auto | Running]) -- C:\WINDOWS\System32\profsvc.dll (Microsoft Corporation)

SRV - (QWAVE [On_Demand | Stopped]) -- C:\WINDOWS\System32\qwave.dll (Microsoft Corporation)

SRV - (SCardSvr [unknown | Stopped]) -- C:\WINDOWS\System32\SCardSvr.dll (Microsoft Corporation)

SRV - (SCPolicySvc [unknown | Stopped]) -- C:\WINDOWS\System32\certprop.dll (Microsoft Corporation)

SRV - (SDRSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\sdrsvc.dll (Microsoft Corporation)

SRV - (SessionEnv [On_Demand | Stopped]) -- C:\WINDOWS\System32\SessEnv.dll (Microsoft Corporation)

SRV - (slsvc [Auto | Running]) -- C:\WINDOWS\System32\SLsvc.exe (Microsoft Corporation)

SRV - (SLUINotify [On_Demand | Stopped]) -- C:\WINDOWS\System32\SLUINotify.dll (Microsoft Corporation)

SRV - (SNMPTRAP [On_Demand | Stopped]) -- C:\WINDOWS\System32\snmptrap.exe (Microsoft Corporation)

SRV - (swprv [On_Demand | Stopped]) -- C:\WINDOWS\System32\swprv.dll (Microsoft Corporation)

SRV - (SysMain [Auto | Running]) -- C:\WINDOWS\System32\sysmain.dll (Microsoft Corporation)

SRV - (TabletInputService [Auto | Running]) -- C:\WINDOWS\System32\TabSvc.dll (Microsoft Corporation)

SRV - (TBS [On_Demand | Stopped]) -- C:\WINDOWS\System32\tbssvc.dll (Microsoft Corporation)

SRV - (THREADORDER [On_Demand | Stopped]) -- C:\WINDOWS\System32\mmcss.dll (Microsoft Corporation)

SRV - (TrustedInstaller [unknown | Stopped]) -- C:\WINDOWS\servicing\TrustedInstaller.exe (Microsoft Corporation)

SRV - (UI0Detect [On_Demand | Stopped]) -- C:\WINDOWS\System32\UI0Detect.exe (Microsoft Corporation)

SRV - (UxSms [Auto | Running]) -- C:\WINDOWS\System32\uxsms.dll (Microsoft Corporation)

SRV - (vds [On_Demand | Stopped]) -- C:\WINDOWS\System32\vds.exe (Microsoft Corporation)

SRV - (wcncsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\wcncsvc.dll (Microsoft Corporation)

SRV - (WcsPlugInService [On_Demand | Stopped]) -- C:\WINDOWS\System32\WcsPlugInService.dll (Microsoft Corporation)

SRV - (WdiServiceHost [unknown | Stopped]) -- C:\WINDOWS\System32\wdi.dll (Microsoft Corporation)

SRV - (WdiSystemHost [unknown | Running]) -- C:\WINDOWS\System32\wdi.dll (Microsoft Corporation)

SRV - (Wecsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\wecsvc.dll (Microsoft Corporation)

SRV - (wercplsupport [On_Demand | Stopped]) -- C:\WINDOWS\System32\wercplsupport.dll (Microsoft Corporation)

SRV - (WerSvc [Auto | Running]) -- C:\WINDOWS\System32\wersvc.dll (Microsoft Corporation)

SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WinHttpAutoProxySvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\winhttp.dll (Microsoft Corporation)

SRV - (WinRM [On_Demand | Stopped]) -- C:\WINDOWS\System32\WsmSvc.dll (Microsoft Corporation)

SRV - (Wlansvc [Auto | Running]) -- C:\WINDOWS\System32\wlansvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WPCSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\wpcsvc.dll (Microsoft Corporation)

SRV - (WPDBusEnum [Auto | Running]) -- C:\WINDOWS\System32\wpdbusenum.dll (Microsoft Corporation)

SRV - (WSearch [Auto | Running]) -- C:\WINDOWS\System32\SearchIndexer.exe (Microsoft Corporation)

SRV - (wuauserv [Auto | Running]) -- C:\WINDOWS\System32\wuaueng.dll (Microsoft Corporation)

SRV - (wudfsvc [Auto | Running]) -- C:\WINDOWS\System32\WUDFSvc.dll (Microsoft Corporation)

SRV - (XAudioService [Auto | Running]) -- C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (adpahci [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (adpu160m [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (adpu320 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (AFS [boot | Running]) -- C:\WINDOWS\System32\drivers\AFS.SYS (Oak Technology Inc.)

DRV - (aic78xx [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (aliide [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\AMDAGP.SYS (Microsoft Corporation)

DRV - (amdide [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\amdide.sys (Microsoft Corporation)

DRV - (AmdK7 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\amdk7.sys (Microsoft Corporation)

DRV - (AmdK8 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\amdk8.sys (Microsoft Corporation)

DRV - (arc [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)

DRV - (arcsas [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (AvgLdx86 [system | Running]) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (GRISOFT, s.r.o.)

DRV - (AvgWfpX [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\avgwfpx.sys (AVG Technologies CZ, s.r.o.)

DRV - (bowser [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\bowser.sys (Microsoft Corporation)

DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (Brserid [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\BrSerId.sys (Brother Industries Ltd.)

DRV - (BrSerWdm [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BTHMODEM [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\bthmodem.sys (Microsoft Corporation)

DRV - (Cdr4_xp [system | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (Cdralw2k [system | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (circlass [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\circlass.sys (Microsoft Corporation)

DRV - (CLFS [unknown | Running]) -- C:\WINDOWS\System32\clfs.sys (Microsoft Corporation)

DRV - (cmdide [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (crcdisk [boot | Running]) -- C:\WINDOWS\System32\drivers\crcdisk.sys (Microsoft Corporation)

DRV - (Crusoe [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\crusoe.sys (Microsoft Corporation)

DRV - (DfsC [system | Running]) -- C:\WINDOWS\System32\drivers\dfsc.sys (Microsoft Corporation)

DRV - (DXGKrnl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\dxgkrnl.sys (Microsoft Corporation)

DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\e100b325.sys (Intel Corporation)

DRV - (E1G60 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (Ecache [boot | Running]) -- C:\WINDOWS\System32\drivers\ecache.sys (Microsoft Corporation)

DRV - (elxstor [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\elxstor.sys (Emulex)

DRV - (FileInfo [boot | Running]) -- C:\WINDOWS\System32\drivers\fileinfo.sys (Microsoft Corporation)

DRV - (Filetrace [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\filetrace.sys (Microsoft Corporation)

DRV - (gagp30kx [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\GAGP30KX.SYS (Microsoft Corporation)

DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\HdAudio.sys (Microsoft Corporation)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\hdaudbus.sys (Microsoft Corporation)

DRV - (HidBth [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\hidbth.sys (Microsoft Corporation)

DRV - (HidIr [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\hidir.sys (Microsoft Corporation)

DRV - (HpCISSs [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (iaStorV [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\iaStorV.sys (Intel Corporation)

DRV - (igfx [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (iirsp [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (IPMIDRV [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\IPMIDrv.sys (Microsoft Corporation)

DRV - (iScsiPrt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msiscsi.sys (Microsoft Corporation)

DRV - (iteatapi [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (iteraid [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (kbdhid [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\kbdhid.sys (Microsoft Corporation)

DRV - (lltdio [Auto | Running]) -- C:\WINDOWS\System32\drivers\lltdio.sys (Microsoft Corporation)

DRV - (LSI_FC [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\lsi_fc.sys (LSI Logic)

DRV - (LSI_SAS [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\lsi_sas.sys (LSI Logic)

DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (luafv [Auto | Running]) -- C:\WINDOWS\System32\drivers\luafv.sys (Microsoft Corporation)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys (Conexant)

DRV - (megasas [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (monitor [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\monitor.sys (Microsoft Corporation)

DRV - (mpio [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\mpio.sys (Microsoft Corporation)

DRV - (mpsdrv [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mpsdrv.sys (Microsoft Corporation)

DRV - (Mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\Mraid35x.sys (LSI Logic Corporation)

DRV - (mrxsmb10 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mrxsmb10.sys (Microsoft Corporation)

DRV - (mrxsmb20 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mrxsmb20.sys (Microsoft Corporation)

DRV - (msahci [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\msahci.sys (Microsoft Corporation)

DRV - (msdsm [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\msdsm.sys (Microsoft Corporation)

DRV - (msisadrv [boot | Running]) -- C:\WINDOWS\System32\drivers\msisadrv.sys (Microsoft Corporation)

DRV - (MsRPC [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\msrpc.sys (Microsoft Corporation)

DRV - (NativeWifiP [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\nwifi.sys (Microsoft Corporation)

DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\NETw2v32.sys (Intel® Corporation)

DRV - (nfrd960 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\nfrd960.sys (IBM Corporation)

DRV - (nsiproxy [system | Running]) -- C:\WINDOWS\System32\drivers\nsiproxy.sys (Microsoft Corporation)

DRV - (ntrigdigi [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (nvraid [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (nv_agp [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\NV_AGP.SYS (Microsoft Corporation)

DRV - (PEAUTH [Auto | Running]) -- C:\WINDOWS\System32\drivers\PEAuth.sys (Microsoft Corporation)

DRV - (PSched [system | Running]) -- C:\WINDOWS\System32\drivers\pacer.sys (Microsoft Corporation)

DRV - (ql2300 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\ql2300.sys (QLogic Corporation)

DRV - (ql40xx [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (QWAVEdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\qwavedrv.sys (Microsoft Corporation)

DRV - (R300 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (RDPENCDD [system | Running]) -- C:\WINDOWS\System32\drivers\RDPENCDD.sys (Microsoft Corporation)

DRV - (rspndr [Auto | Running]) -- C:\WINDOWS\System32\drivers\rspndr.sys (Microsoft Corporation)

DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (sbp2port [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sbp2port.sys (Microsoft Corporation)

DRV - (sdbus [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sdbus.sys (Microsoft Corporation)

DRV - (secdrv [Auto | Running]) -- C:\WINDOWS\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (sermouse [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sermouse.sys (Microsoft Corporation)

DRV - (sffdisk [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sffdisk.sys (Microsoft Corporation)

DRV - (sffp_mmc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys (Microsoft Corporation)

DRV - (sffp_sd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\sffp_sd.sys (Microsoft Corporation)

DRV - (sisagp [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\SISAGP.SYS (Microsoft Corporation)

DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (Smb [system | Running]) -- C:\WINDOWS\System32\drivers\smb.sys (Microsoft Corporation)

DRV - (spldr [boot | Running]) -- C:\WINDOWS\System32\drivers\spldr.sys (Microsoft Corporation)

DRV - (srv2 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\srv2.sys (Microsoft Corporation)

DRV - (srvnet [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\srvnet.sys (Microsoft Corporation)

DRV - (STHDA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\stwrt.sys (SigmaTel, Inc.)

DRV - (Symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sym_hi.sys (LSI Logic)

DRV - (Sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\sym_u3.sys (LSI Logic)

DRV - (tcpipreg [Auto | Running]) -- C:\WINDOWS\System32\drivers\tcpipreg.sys (Microsoft Corporation)

DRV - (tdx [system | Running]) -- C:\WINDOWS\System32\drivers\tdx.sys (Microsoft Corporation)

DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (tssecsrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\tssecsrv.sys (Microsoft Corporation)

DRV - (tunnel [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tunnel.sys (Microsoft Corporation)

DRV - (uagp35 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\UAGP35.SYS (Microsoft Corporation)

DRV - (uliagpkx [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ULIAGPKX.SYS (Microsoft Corporation)

DRV - (uliahci [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (UlSata [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (ulsata2 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (umbus [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\umbus.sys (Microsoft Corporation)

DRV - (usbcir [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\usbcir.sys (Microsoft Corporation)

DRV - (vga [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\vgapnp.sys (Microsoft Corporation)

DRV - (ViaC7 [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\viac7.sys (Microsoft Corporation)

DRV - (viaide [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (volmgr [boot | Running]) -- C:\WINDOWS\System32\drivers\volmgr.sys (Microsoft Corporation)

DRV - (volmgrx [boot | Running]) -- C:\WINDOWS\System32\drivers\volmgrx.sys (Microsoft Corporation)

DRV - (vsmraid [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (WacomPen [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\wacompen.sys (Microsoft Corporation)

DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (Wd [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\wd.sys (Microsoft Corporation)

DRV - (Wdf01000 [boot | Running]) -- C:\WINDOWS\System32\drivers\Wdf01000.sys (Microsoft Corporation)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (WmiAcpi [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\wmiacpi.sys (Microsoft Corporation)

DRV - (ws2ifsl [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys (Microsoft Corporation)

DRV - (XAudio [Auto | Running]) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (yukonwlh [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\yk60x86.sys (Marvell)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3604

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3604

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (DeskshopBrowserHelper Class) - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\System32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)

O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\bae.dll (Gateway Inc.)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bigFix] c:\program files\Bigfix\bigfix.exe /atstartup (BigFix Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203538677\ee\AOLSoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)

O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [secure Online Account Numbers] C:\PROGRA~1\Discover\SOAN\SOAN.exe /dontopenmycards (Orbiscom Ltd. All rights reserved.)

O4 - HKLM..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

O4 - HKCU..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun (FreeDownloadManager.ORG)

O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun (NetZero, Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Discover\SOAN\SOAN.exe (Orbiscom Ltd. All rights reserved.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\wshtcpip.dll,-60103] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Sites: netzero.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Sites: netzero.net ([]* in Trusted sites)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\System32\TSpkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/02/05 10:15:42 | 00,487,424 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTListIt22.exe

[2009/02/04 10:48:05 | 33,776,432 | -H-- | C] ( ) -- C:\Users\Owner\Desktop\setup_7.0.0.290_04.02.2009_12-50.exe

[2009/02/02 14:26:48 | 00,035,328 | ---- | C] () -- C:\Users\Owner\Desktop\Wrapper.exe

[2009/02/01 13:38:29 | 00,001,879 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk

[2009/02/01 13:38:27 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/02/01 10:51:37 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2009/02/01 10:51:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/02/01 10:51:33 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/02/01 10:51:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/02/01 10:51:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/02/01 10:51:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/01/30 13:28:51 | 00,120,596 | ---- | C] () -- C:\Users\Owner\Documents\SANY0073.JPG

[2009/01/30 13:28:51 | 00,104,673 | ---- | C] () -- C:\Users\Owner\Documents\SANY0074.JPG

[2009/01/30 13:28:51 | 00,104,299 | ---- | C] () -- C:\Users\Owner\Documents\SANY0077.JPG

[2009/01/30 13:28:51 | 00,103,283 | ---- | C] () -- C:\Users\Owner\Documents\SANY0075.JPG

[2009/01/30 13:28:51 | 00,097,525 | ---- | C] () -- C:\Users\Owner\Documents\SANY0076.JPG

[2009/01/25 17:12:52 | 00,285,696 | ---- | C] () -- C:\Users\Owner\Documents\Haley 2.mix

[2009/01/23 09:44:25 | 00,397,659 | ---- | C] () -- C:\Users\Owner\Documents\Network-Know-How-Excerpt.pdf

[2009/01/22 16:27:30 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder

[2009/01/14 10:12:45 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2009/01/11 12:23:09 | 00,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Disketch CD Label Software.lnk

[2009/01/11 12:23:09 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Software

[2009/01/11 12:20:33 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software

[2009/01/11 12:20:31 | 00,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Express Rip.lnk

[2009/01/11 12:18:07 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound

[2009/01/11 12:18:06 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound

[2009/01/11 12:18:04 | 00,000,943 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk

[2009/01/11 12:13:02 | 00,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk

[2009/01/11 12:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound

[2009/01/10 12:45:56 | 00,000,833 | ---- | C] () -- C:\Users\Owner\Desktop\WinDirStat.lnk

[2009/01/10 12:45:55 | 00,000,000 | ---D | C] -- C:\Program Files\WinDirStat

[2009/01/09 12:58:30 | 00,000,000 | ---D | C] -- C:\Users\Owner\Documents\BILL

[2009/01/06 12:06:57 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Secure Online Account Numbers.lnk

[2009/01/06 12:06:53 | 00,167,936 | ---- | C] (Orbiscom Ltd. All rights reserved.) -- C:\Windows\System32\FFDshop.dll

[2009/01/06 12:06:53 | 00,135,168 | ---- | C] (Orbiscom Ltd. All rights reserved.) -- C:\Windows\System32\BhoDshop.dll

[2009/01/06 12:06:52 | 00,098,304 | ---- | C] () -- C:\Windows\System32\OBroker.exe

[2009/01/06 12:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\Discover

[2009/01/06 12:05:59 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\InstallShield

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\*.tmp files]

[2009/02/05 10:19:11 | 00,487,424 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTListIt22.exe

[2009/02/05 10:12:57 | 00,004,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/02/05 10:12:57 | 00,004,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/02/05 08:17:24 | 00,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/02/05 08:17:24 | 00,626,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/02/05 08:17:24 | 00,107,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/02/05 08:12:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/02/05 08:12:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/02/05 08:12:34 | 10,632,39680 | -HS- | M] () -- C:\hiberfil.sys

[2009/02/04 11:01:48 | 33,776,432 | -H-- | M] ( ) -- C:\Users\Owner\Desktop\setup_7.0.0.290_04.02.2009_12-50.exe

[2009/02/04 08:00:29 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AB6F11D-27ED-4F7F-99A0-15BB28F5A33F}.job

[2009/02/03 19:42:14 | 03,576,467 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db

[2009/02/03 07:54:27 | 00,035,328 | ---- | M] () -- C:\Users\Owner\Desktop\Wrapper.exe

[2009/02/01 13:38:29 | 00,001,879 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk

[2009/02/01 11:01:25 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/02/01 09:37:14 | 32,654,276 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2009/01/30 14:11:42 | 00,104,299 | ---- | M] () -- C:\Users\Owner\Documents\SANY0077.JPG

[2009/01/30 14:10:12 | 00,097,525 | ---- | M] () -- C:\Users\Owner\Documents\SANY0076.JPG

[2009/01/30 14:08:02 | 00,103,283 | ---- | M] () -- C:\Users\Owner\Documents\SANY0075.JPG

[2009/01/30 14:00:16 | 00,104,673 | ---- | M] () -- C:\Users\Owner\Documents\SANY0074.JPG

[2009/01/30 13:23:42 | 00,082,350 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2009/01/30 13:11:40 | 00,120,596 | ---- | M] () -- C:\Users\Owner\Documents\SANY0073.JPG

[2009/01/26 15:25:24 | 00,000,088 | ---- | M] () -- C:\Users\Owner\Documents\PLAYERS.DAT

[2009/01/23 09:44:25 | 00,397,659 | ---- | M] () -- C:\Users\Owner\Documents\Network-Know-How-Excerpt.pdf

[2009/01/21 14:06:23 | 00,000,014 | ---- | M] () -- C:\Windows\popcinfo.dat

[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/01/14 11:26:18 | 00,000,024 | ---- | M] () -- C:\Users\Owner\Documents\SPADES.DAT

[2009/01/11 12:23:09 | 00,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Disketch CD Label Software.lnk

[2009/01/11 12:20:31 | 00,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Express Rip.lnk

[2009/01/11 12:18:04 | 00,000,943 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk

[2009/01/11 12:13:02 | 00,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk

[2009/01/10 12:45:56 | 00,000,833 | ---- | M] () -- C:\Users\Owner\Desktop\WinDirStat.lnk

[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2009/01/06 12:06:57 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Secure Online Account Numbers.lnk

========== LOP Check ==========

[2009/02/05 08:12:47 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT

[2009/02/04 19:05:01 | 00,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/02/04 08:00:29 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7AB6F11D-27ED-4F7F-99A0-15BB28F5A33F}.job

========== Purity Check ==========

< End of report >

OTListIt Extras logfile created on: 2/5/2009 10:22:34 AM - Run

OTListIt2 by OldTimer - Version 2.0.0.5 Folder = C:\Users\Owner\Desktop

Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16764)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.43 Mb Total Physical Memory | 417.83 Mb Available Physical Memory | 41.23% Memory free

2.22 Gb Paging File | 1.51 Gb Available in Paging File | 68.09% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 95.31 Gb Total Space | 53.16 Gb Free Space | 55.78% Space Free | Partition Type: NTFS

Drive D: | 28.74 Gb Total Space | 20.34 Gb Free Space | 70.76% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WANDA-PC

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3167732007-3646572832-3566841481-1000]

"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3167732007-3646572832-3566841481-1001]

"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3167732007-3646572832-3566841481-500]

"EnableNotificationsRef" = 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter

"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor

"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library

"{65980EBF-C4B5-4555-823A-94DB7F709E53}" = Secure Online Account Numbers

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{703DE3AE-513C-11D6-B2F9-0002A5E32BEF}" = Pinball Panic

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8

"{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}" = Inpaint

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0

"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22

"87AD0EE8-5BDE-4B2A-81EF-C361CE8F9C97" = Office Paintball

"Acrophobia" = Acrophobia

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"After Dark Games Demo" = After Dark Games Demo

"AVG8Uninstall" = AVG Free 8.0

"Baby Balloons_is1" = Baby Balloons 1.0

"Canon iP1700 User Registration" = Canon iP1700 User Registration

"CanonMyPrinter" = Canon My Printer

"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP

"Disketch" = Disketch CD Label Software

"Dynomite Deluxe 2.00z" = Dynomite Deluxe 2.00z

"Easter Eggs_is1" = Easter Eggs 1.1.0

"Easy-WebPrint" = Easy-WebPrint

"eMachines Game Console" = eMachines Game Console

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"ExpressBurn" = Express Burn

"ExpressRip" = Express Rip

"Feeding Frenzy_is1" = Feeding Frenzy

"Foxit Reader" = Foxit Reader

"Free Download Manager_is1" = Free Download Manager 2.5 Uploads plugin

"Google Desktop" = Google Desktop

"Google Updater" = Google Updater

"HangARoo_is1" = HangARoo v2.05a

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Hoyle Board Games Demo" = Hoyle Board Games Demo

"Hoyle Card Games 3" = Hoyle Card Games 3

"Hoyle Casino '99 Demo" = Hoyle Casino '99 Demo

"Kaspersky Online Scanner" = Kaspersky Online Scanner

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Money2006b" = Microsoft Money 2006

"NetZero Connection Wizard" = NetZero Connection Wizard

"NetZero HiSpeed" = NetZero HiSpeed (remove only)

"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0

"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006

"Pop'em_is1" = Pop'em v1.1

"PROSet" = Intel® PRO Network Connections Drivers

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Sierra Utilities" = Sierra Utilities

"Simple Family Tree" = Simple Family Tree (remove only)

"Trend Micro HouseCall 6.6" = HouseCall 6.6

"WavePad" = WavePad Sound Editor

"WebPost" = Microsoft Web Publishing Wizard 1.52

"WT014955" = Polar Golfer

"WT014959" = JEOPARDY

"WT014961" = SCRABBLE

"WT015795" = Blasterball 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/2/2009 3:31:52 PM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper[1].exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0xef0, application start time 0x01c9856ce605971a.

Error - 2/2/2009 3:36:11 PM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper[2].exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0x718, application start time 0x01c9856d8094d9da.

Error - 2/2/2009 3:47:52 PM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper.exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0xe88, application start time 0x01c9856f21f6104a.

Error - 2/2/2009 3:49:57 PM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper(1).exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0x558, application start time 0x01c9856f6cf4ac0a.

Error - 2/2/2009 3:50:21 PM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper.exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0x288, application start time 0x01c9856f7ae6502a.

Error - 2/3/2009 8:54:29 AM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper.exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0x190, application start time 0x01c985fe8c51763a.

Error - 2/3/2009 8:55:04 AM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper(1).exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0xe50, application start time 0x01c985fea1bfe97a.

Error - 2/3/2009 8:59:40 AM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application Wrapper.exe, version 1.0.0.0, time stamp 0x4985c373,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00000000, process id 0xfa4, application start time 0x01c985ff4628d71a.

Error - 2/3/2009 3:16:13 PM | Computer Name = Wanda-PC | Source = RasClient | ID = 20227

Description =

Error - 2/3/2009 3:16:55 PM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16764, time stamp

0x48f6a2ed, faulting module urlmon.dll, version 7.0.6000.16764, time stamp 0x48f6c575,

exception code 0xc0000005, fault offset 0x00009647, process id 0xff4, application

start time 0x01c9861ad3b4e0ea.

[ System Events ]

Error - 8/3/2008 10:45:51 AM | Computer Name = Wanda-PC | Source = DCOM | ID = 10010

Description =

Error - 8/4/2008 9:49:40 AM | Computer Name = Wanda-PC | Source = WinDefend | ID = 2004

Description = %%827 has encountered an error trying to load signatures and will

attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error

Code: 0x8050a001 Error description: The program can't find definition files that

help detect unwanted software. Check for updates to the definition files, and then

try again. For information on installing updates, see Help and Support. Signatures

loading: %%825 Loading signature version: 1.37.1115.0 Loading engine version: 1.1.3704.0

Error - 8/7/2008 2:20:24 PM | Computer Name = Wanda-PC | Source = volsnap | ID = 393283

Description = The shadow copy of volume C: being created failed to install.

Error - 8/7/2008 3:39:28 PM | Computer Name = Wanda-PC | Source = VDS Basic Provider 1.0 | ID = 33554441

Description =

Error - 8/7/2008 3:42:07 PM | Computer Name = Wanda-PC | Source = DCOM | ID = 10010

Description =

Error - 8/8/2008 4:14:40 PM | Computer Name = Wanda-PC | Source = volsnap | ID = 393283

Description = The shadow copy of volume C: being created failed to install.

Error - 8/9/2008 7:48:21 AM | Computer Name = Wanda-PC | Source = WinDefend | ID = 2004

Description = %%827 has encountered an error trying to load signatures and will

attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error

Code: 0x8050a001 Error description: The program can't find definition files that

help detect unwanted software. Check for updates to the definition files, and then

try again. For information on installing updates, see Help and Support. Signatures

loading: %%825 Loading signature version: 1.39.119.0 Loading engine version: 1.1.3704.0

Error - 8/9/2008 9:19:04 AM | Computer Name = Wanda-PC | Source = volsnap | ID = 393283

Description = The shadow copy of volume C: being created failed to install.

Error - 8/10/2008 7:34:00 AM | Computer Name = Wanda-PC | Source = WinDefend | ID = 2004

Description = %%827 has encountered an error trying to load signatures and will

attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error

Code: 0x8050a001 Error description: The program can't find definition files that

help detect unwanted software. Check for updates to the definition files, and then

try again. For information on installing updates, see Help and Support. Signatures

loading: %%825 Loading signature version: 1.39.119.0 Loading engine version: 1.1.3704.0

Error - 8/10/2008 9:02:29 AM | Computer Name = Wanda-PC | Source = volsnap | ID = 393283

Description = The shadow copy of volume C: being created failed to install.

< End of report >


Your logs are clean.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK then choose Yes on the confirmation window.

Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )

  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program

You're using an old version of Adobe Acrobat Reader. This can leave your PC open to vulnerabilities. You can update it here:

http://www.adobe.com/products/acrobat/readstep2.html

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

This topic is now closed to further replies.