Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't completely remove Antivirus 2009 [Solved]


  • This topic is locked This topic is locked

#1
MrsFixIt

MrsFixIt

    Member

  • Member
  • PipPip
  • 32 posts
Hello! You helped me a year or so ago with a different problem I had, & I kept most of the removal tools on my computer, so I've been able to use them over & over again to remove many threats. Thank you so much for that!

This Antivirus 2009 really has me swinging. The first thing I did was to find it running by using msconfig, so I stopped that.

I've run Hoster to restore the host files, then ATF-Cleaner, but when I went to run Smitfraudfix, nothing happened. I can't run it in safe mode, either. I ran AVG (free) from safe mode & it found nothing, but it also can't update. I ran Ad-Aware, & it found 3 things (that it ALWAYS finds), removed them, & that was that. SpyBot won't run, SuperAntiSpyware won't run, & I've downloaded a new MBAM from your site here & copied it to my infected computer, but it also won't run.

I checked on my non-infected computer for information on manually removing Antivirus 2009 & have searched my registry & removed all occurences of Antivirus & AV2009. I've also removed all of these files from my harddrive, along with scui.cpl, scui.dll, & winisrc.dll.

Even after all of this, I'm still unable to run the programs mentioned above, & my internet access doesn't work properly, not displaying web pages or redirecting me. I'm out of ideas at this point, so I sure hope you can help!

Thank you in advance,
Donna
  • 0

Advertisements


#2
MrsFixIt

MrsFixIt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I wanted to post an update on this because while waiting for a response (which there hasn't been to date, although there have been 40 views), I kept searching for a solution to this. I tried a LOT of things.

Finally, I downloaded ccleaner (formerly "crap cleaner") from ccleaner.com. It didn't remove the malware, but it did clean things up enough to allow Smitfraudfix, SpyBot, MBAM, & SuperAntiSpyware to run. I ran ALL of these in this order, & I was finally able to get my internet working again with no references to Antivirus 2009 left. I'm assuming this means my computer is clean.

I don't really think my husband & I do any activities "out of the ordinary" on the computer, but since I've cleaned this up, there have been 2 other times when I've visited a website that tried to report a "threat" & said I should run Antivirus 2009 (or 2010 !) to remove it. When this has happened I immediately closed my browser & checked to be sure Antivirus 2009 wasn't running (by displaying the task manager) & didn't show up when checking processes with msconfig.

This is a nasty piece of malware. What I now want to know is how do I report this to the "authorities" to let them know I'm yet another victim & would like to see action taken against those responsible for this? Does anyone know? I can't figure out why these people aren't stopped. After all, from all of the posts I've been reading the past few days, it sounds like a LOT of people have sent money to buy this bogus program, so there must be a money trail! Right?
  • 0

#3
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello MrsFixIt, and welcome to GeeksToGo! Sorry for the delay, the forums have been busy.

Posted ImageClick here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#4
MrsFixIt

MrsFixIt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:48 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.roadrunn...es/LinkPage.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061125
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3553FF81-A19A-4486-873E-3105287E6975} (BackupPlayer Control) - file://D:\WebPlayer.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-24-0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6685 bytes
  • 0

#5
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#6
MrsFixIt

MrsFixIt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OTListIt.Txt:

OTListIt logfile created on: 1/13/2009 12:16:29 AM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Donna McFarland\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 639.42 Mb Available Physical Memory | 63.04% Memory free
2.38 Gb Paging File | 2.09 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.09 Gb Total Space | 73.11 Gb Free Space | 69.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONNASDELL
Current User Name: Donna McFarland
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
C:\Documents and Settings\Donna McFarland\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
(Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
(aspnet_state [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
(avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
(avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
(Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(ehRecvr [Disabled | Stopped]) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
(ehSched [Disabled | Stopped]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
(EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
(GameConsoleService [Disabled | Stopped]) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
(gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
(iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(LPDSVC [Disabled | Stopped]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
(McrdSvc [Disabled | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
(MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
(MSSQL$MICROSOFTSMLBIZ [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
(MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
(NBService [Disabled | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
(ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
(RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
(S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
(SQLAgent$MICROSOFTSMLBIZ [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
(WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
(WLANKEEPER [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
(WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(AegisP [Auto | Running]) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
(AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
(amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)
(APPDRV [System | Running]) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
(asc [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
(asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
(ASCTRM [Auto | Running]) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
(AvgLdx86 [System | Running]) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
(AvgMfx86 [System | Running]) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
(AvgTdiX [Auto | Running]) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
(bcm4sbxp [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
(Beep [System | Stopped]) -- C:\WINDOWS\system32\beep.sys (Microsoft Corporation)
(CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
(dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
(drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
(drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
(DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
(E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
(GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
(HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
(HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
(ialm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
(kbdhid [System | Running]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
(MASPINT [Auto | Running]) -- C:\WINDOWS\system32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
(mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
(mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
(nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
(omci [System | Running]) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
(pcouffin [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
(PL-40R [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\pl40rwdm.sys (CASIO COMPUTER CO., LTD.)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
(ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
(ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
(ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
(rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
(rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
(rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
(s24trans [Auto | Running]) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
(SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
(SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SCDEmu [System | Running]) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
(sdbus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sdbus.sys (Microsoft Corporation)
(Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sffdisk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\sffdisk.sys (Microsoft Corporation)
(sffp_sd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\sffp_sd.sys (Microsoft Corporation)
(sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)
(Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
(sptd [Boot | Running]) -- C:\WINDOWS\system32\drivers\sptd.sys ()
(sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
(ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
(STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
(symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
(symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
(sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
(sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
(SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
(tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
(tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
(tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
(tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
(tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
(tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
(tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
(tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
(tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
(ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
(w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
(winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
(WmiAcpi [System | Running]) -- C:\WINDOWS\system32\drivers\wmiacpi.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061125
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061125

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.roadrunn...es/LinkPage.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3553FF81-A19A-4486-873E-3105287E6975} file://D:\WebPlayer.cab (BackupPlayer Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value does not exist or could not be read.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = avgrsstx.dll
>C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINDOWS\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
"" = E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63bc824e-9194-11dd-87d5-0018de9c2b04}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63bc824e-9194-11dd-87d5-0018de9c2b04}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63bc824e-9194-11dd-87d5-0018de9c2b04}\Shell\AutoRun\command]
"" = D:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8602b9fc-d5e8-11dd-88a7-0018de9c2b04}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8602b9fc-d5e8-11dd-88a7-0018de9c2b04}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8602b9fc-d5e8-11dd-88a7-0018de9c2b04}\Shell\AutoRun\command]
"" = F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a185166d-b416-11dc-855a-0018de9c2b04}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a185166d-b416-11dc-855a-0018de9c2b04}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a185166d-b416-11dc-855a-0018de9c2b04}\Shell\AutoRun\command]
"" = F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/01/13 00:13:46 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donna McFarland\Desktop\OTListIt2.exe
[2009/01/12 22:48:23 | 00,001,748 | ---- | C] () -- C:\Documents and Settings\Donna McFarland\Desktop\HijackThis.lnk
[2009/01/12 22:47:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Donna McFarland\Desktop\HJTInstall.exe
[2009/01/12 12:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Donna McFarland\Application Data\Yahoo!
[2009/01/12 12:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/01/12 12:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/01/12 12:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Donna McFarland\Application Data\IObit
[2009/01/11 01:07:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Donna McFarland\DonnasDocs\Flying Firm
[2009/01/10 00:45:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/01/10 00:45:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/01/09 22:58:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/09 22:58:56 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/09 22:58:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/09 22:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/01/08 17:53:51 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/08 08:57:00 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/01/01 23:15:23 | 00,013,017 | ---- | C] () -- C:\Documents and Settings\Donna McFarland\Application Data\Microsoft Excel.CAL
[2008/12/31 03:11:02 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/31 03:11:01 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/31 03:10:56 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/31 03:10:54 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/31 03:10:51 | 31,898,148 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/31 03:10:51 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/31 03:10:51 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/31 03:10:51 | 00,043,917 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/31 03:10:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/12/31 02:55:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2008/12/22 19:19:12 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/22 19:19:12 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/16 15:08:26 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Donna McFarland\DonnasDocs\Candys shirt.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/01/13 00:13:57 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donna McFarland\Desktop\OTListIt2.exe
[2009/01/12 22:48:23 | 00,001,748 | ---- | M] () -- C:\Documents and Settings\Donna McFarland\Desktop\HijackThis.lnk
[2009/01/12 22:47:16 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Donna McFarland\Desktop\HJTInstall.exe
[2009/01/12 22:44:27 | 31,898,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/12 21:50:52 | 00,473,422 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/12 21:50:52 | 00,403,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/12 21:50:52 | 00,062,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/12 21:47:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/12 21:46:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/12 21:46:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/12 21:46:31 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/12 21:45:26 | 11,636,126 | -H-- | M] () -- C:\Documents and Settings\Donna McFarland\Local Settings\Application Data\IconCache.db
[2009/01/12 14:23:22 | 00,000,749 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/12 14:23:22 | 00,000,245 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/12 14:23:22 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/01/12 09:06:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/11 19:48:11 | 00,043,917 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/01/10 06:07:56 | 00,001,244 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/01/10 02:12:45 | 00,000,875 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/01/10 02:12:20 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/01/04 18:41:24 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:41:20 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/01 23:16:01 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/01/01 23:15:58 | 00,013,017 | ---- | M] () -- C:\Documents and Settings\Donna McFarland\Application Data\Microsoft Excel.CAL
[2008/12/31 03:12:17 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/31 03:11:02 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/31 03:11:01 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/31 03:10:56 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/31 03:10:54 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/31 03:10:51 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/28 23:14:21 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/26 17:22:23 | 02,359,296 | ---- | M] () -- C:\Documents and Settings\Donna McFarland\DonnasDocs\My Money.mny
[2008/12/26 17:22:20 | 02,360,255 | R--- | M] () -- C:\Documents and Settings\Donna McFarland\DonnasDocs\My Money Backup.mbf
[2008/12/22 19:19:12 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/16 15:08:27 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Donna McFarland\DonnasDocs\Candys shirt.doc

========== LOP Check ==========

[2009/01/12 12:46:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/12 14:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2008/11/09 18:06:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/01/31 01:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/06/09 16:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/06/09 16:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/09 13:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2006/11/25 02:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2006/11/25 02:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/12/26 19:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/08/26 17:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2006/11/25 02:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/11/25 02:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2007/08/25 14:51:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\idledashamokaxis
[2006/11/25 02:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/11/25 02:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2008/11/06 12:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2008/05/23 18:21:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/05/05 20:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/03/12 15:25:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/01/27 21:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2006/11/25 02:26:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/01/10 06:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/05/17 17:49:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2007/01/26 23:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/10 22:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/01/06 23:11:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/06 02:45:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/19 23:48:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/11/25 02:30:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/01/12 12:46:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/01/12 12:46:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Donna McFarland\Application Data
[2008/06/09 16:22:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Adobe
[2008/05/14 08:06:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\AdobeUM
[2007/01/27 21:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Ahead
[2007/01/31 01:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\AOL
[2008/06/09 16:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Apple Computer
[2009/01/12 14:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\BitTorrent
[2008/05/20 13:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Corel
[2008/10/20 00:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\DVDFab
[2007/07/24 19:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\FUJIFILM
[2006/12/04 14:00:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Google
[2006/11/25 02:35:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Gtek
[2008/06/07 13:28:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Help
[2008/12/10 01:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Home Designer Suite 8.0
[2008/09/08 19:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Identities
[2006/11/25 02:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\InstallShield
[2006/11/25 02:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Intel
[2009/01/12 14:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\IObit
[2008/11/06 12:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Ipswitch
[2008/03/12 15:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Lavasoft
[2007/01/01 17:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Leadertech
[2006/12/04 14:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Macromedia
[2008/05/05 20:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Malwarebytes
[2009/01/01 23:07:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Microsoft
[2009/01/12 14:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\OfficeUpdate12
[2007/03/08 02:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\RipIt4Me
[2007/01/31 23:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\SlySoft
[2007/01/01 17:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Sonic
[2006/12/04 14:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Sun
[2008/05/17 17:49:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\SUPERAntiSpyware.com
[2007/12/26 22:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\U3
[2007/01/26 23:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Viewpoint
[2009/01/10 23:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Vso
[2008/01/06 23:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\WildTangent
[2009/01/12 12:46:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Donna McFarland\Application Data\Yahoo!
[2009/01/12 09:06:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/10 02:12:20 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/01/12 21:46:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >



Extras.Txt:

OTListIt Extras logfile created on: 1/13/2009 12:16:29 AM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Donna McFarland\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 639.42 Mb Available Physical Memory | 63.04% Memory free
2.38 Gb Paging File | 2.09 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.09 Gb Total Space | 73.11 Gb Free Space | 69.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONNASDELL
Current User Name: Donna McFarland
Logged in as Administrator.

  • 0

#7
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Viewpoint

After that, Reboot.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • 0

#8
MrsFixIt

MrsFixIt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I removed Viewpoint. I have a list here of the other programs running that I'm not really familiar with. There are some that "sound" familiar, but I figured I'd list them to be safe. I know some of my specific programs, like for my digital camera, but I'm really not sure about all of them. I also know that just because something says "Windows", for example, in the title doesn't mean it's a Windows program. So here's the list:

Unknown Windows Programs

Adobe AIR
Adobe Flash Player ActiveX
Apple Mobile Device Support
Apple Software Update
Backup CD Player
Bantec Service Agreement
Bonjour
Broadcom Management Programs
Conexant HAD D100 MDC V.92 Modem
Corel Snapfile Plus
Digital Content Portal
Digital Line Detect
EducateU
ESPNMotion
ExtractNow (sounds familiar, though)
GemMaster Mystic
Get High Speed Internet!
High Definition Audio Drive Package – KB835221
Internet Service Offers Launcher
iTunes
Learn2 Player (Uninstall Only)
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPINT
Modem Helper
MSXML 4.0 SP2 (there are 3 of these with a KB # after them)
NetWaiting
NetZeroInstallers
Otto
PowerISO
QuickSet
QuickTime
SearchAssist
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio (& Copy & Data)
Sonic Update Manager
Synaptics Pointing Device Driver
URL Assistant
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Yahoo! Music Jukebox


As for Java, it uninstalled the prior versions, but I can't get the download to work. I've tried just choosing open & also saving it to my harddrive, then executing it. The "optional" files downloaded fine, but the main one won't. It flashes that it's reconnecting to server, then downloading, but before any progress can display on the progress bar, it says "Download failed. Unable to verify."
  • 0

#9
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Unknown Windows Programs

Adobe AIR - part of Adobe Suite, recommened to keep that
Adobe Flash Player ActiveX - part of Adobe Suite, recommended to keep that
Apple Mobile Device Support - part of iTunes
Apple Software Update - part of iTunes
Backup CD Player - safe to uninstall if you don't use it
Bantec Service Agreement - has to do with Dell Computers, recommended to keep that
Bonjour - part of iTunes
Broadcom Management Programs - related to a driver, recommended to keep that
Conexant HAD D100 MDC V.92 Modem - related to a driver, recommended to keep that
Corel Snapfile Plus - from the Corel Draw family, image-editor, is a paid program, so you probably installed this yourself, safe to uninstall if you don't use it
Digital Content Portal - has to do with Dell Computers, recommened to keep that
Digital Line Detect - has to do with Dell Computers, recommened to keep that
EducateU - installed on Dell Computers, but is safe to uninstall if you don't use it
ESPNMotion - ESPN Streaming Video Player, safe to uninstall if you don't use it
ExtractNow (sounds familiar, though) - allows you to extract archived files, safe to uninstall if you don't use it
GemMaster Mystic - a game from the web, safe to uninstall if you don't use it
Get High Speed Internet! - installed on Dell Computers, safe to uninstall, as you probably won't need it
High Definition Audio Drive Package – KB835221 - Windows Update for your audio driver, recommended to keep that
Internet Service Offers Launcher - installed on Dell Computers, safe to uninstall, as you probably won't need it
iTunes - from Apple, allows you to buy and download songs and videos over the internet to play on your computer, or to put onto an iPod. Safe to uninstall (along with all other components I pointed out above) if you don't use it
Learn2 Player (Uninstall Only) - installed with AOL 9.0, safe to uninstall if you don't use it
MediaDirect
Microsoft .NET Framework 1.1 - Part of Windows, recommended to keep that
Microsoft .NET Framework 1.1 Hotfix (KB928366) - Update for the above program, recommened to keep that
Microsoft Compression Client Pack 1.0 for Windows XP - Part of Windows, recommended to keep that
Microsoft User-Mode Driver Framework Feature Pack 1.0 - Part of Windows, recommended to keep that
Microsoft Visual C++ 2005 Redistributable - Part of Windows, recommended to keep that
MicroStaff WINASPINT - a driver for CD/DVD ROM, recommended to keep that
Modem Helper - installed on Dell Computers, safe to uninstall, as you probably won't need it
MSXML 4.0 SP2 (there are 3 of these with a KB # after them) - updates to Windows, recommended to keep those
NetWaiting - installed on Dell Computers, recommended to keep that
NetZeroInstallers - part of NetZero, recommended to keep if you use NetZero, otherwise, you can uninstall it
Otto - A game, safe to uninstall if you don't use it
PowerISO - allows you to create, edit, burn, extract ISO files, recommended to keep unless you don't use it
QuickSet - installed on Dell Computers, recommended to keep that
QuickTime - part of iTunes, it is a popular video player for video files, recommended to keep
SearchAssist - installed on Dell Computers, safe to uninstall if you don't use it
Sonic DLA - part of Sonic CD/DVD Suite, recommended to keep
Sonic Encoders - part of Sonic CD/DVD Suite, recommended to keep
Sonic MyDVD LE - part of Sonic CD/DVD Suite, recommended to keep
Sonic RecordNow Audio (& Copy & Data) - part of Sonic CD/DVD Suite, recommended to keep
Sonic Update Manager - part of Sonic CD/DVD Suite, recommended to keep
Synaptics Pointing Device Driver - driver for your computer mouse, recommended to keep
URL Assistant - installed on Dell Computers, safe to uninstall if you don't use it
Windows Defender - Microsoft's Anti-Malware Program, recommended to keep unless you have other Anti-Malware Programs
Windows Installer 3.1 (KB893803) - allows you to install programs, recommended to keep if you want to install or uninstall programs
Windows Media Format 11 runtime - part of Windows Media Player, recommended to keep
Yahoo! Music Jukebox - music player similar to iTunes, recommended to keep unless you don't use it


Try this link for Java: http://javadl.sun.co...?BundleId=26691
  • 0

#10
MrsFixIt

MrsFixIt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I got Java to install, then ran Kaspersky online scanner, but it didn't find anything, & there was no report created. Is this right? I turned off my antivirus program (AVG) & didn't use the computer during the whole scan process, which took over 2 hours.
  • 0

Advertisements


#11
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
That's alright. If it found nothing, then there would be no log to report back.

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0

#12
MrsFixIt

MrsFixIt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I just want to make sure I have this correct.

Right now, I should run once:
MVPS Hosts file
ERUNT

I should run ram-resident:
my antivirus program (which is AVG free)
Spyware Blaster
Spyware Guard

When I suspect a problem (or periodically), I should run
Super AntiSpyware and/or
Malewarebytes' Anti-Malware


I've been following a routine, typically every Friday, where I run the following:
AVG scan (set to run automatically on Friday)
Hoster (& select to restore original host files)
ATF-Cleaner
Smitfraudfix
Ad-Aware
SpyBot
Registry Mechanic

It was my plan to add to this:
CCleaner (after ATF-Cleaner)
Malwarebytes' Anti-Malware (after SpyBot)
Super AntiSpyware (after MBAM)
Advanced SystemCare (after Registry Mechanic)



So my questions are:

1. Am I correct in my intrepretation of what your last post told me to do?
2. Is a weekly run of the programs a good idea? Sufficient? Over-kill?
3. What do you think should be my schedule of programs to run each week?
4. Should I report the infection of Antivirus 2009 to someone, & if so, who?
  • 0

#13
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts

Right now, I should run once:
MVPS Hosts file
ERUNT - I would actually run this along with your Friday routine. This will give you updated backups of your registry as often as possible, so if you ever ran into trouble, you'd have the latest one saved.

I should run ram-resident:
my antivirus program (which is AVG free)
Spyware Blaster - this is a program with no real-time protection, I would update this instead every Friday, as part of your routine
Spyware Guard

When I suspect a problem (or periodically), I should run
Super AntiSpyware and/or
Malewarebytes' Anti-Malware


I've been following a routine, typically every Friday, where I run the following:
AVG scan (set to run automatically on Friday)
Hoster (& select to restore original host files) - this will rarely need to be run, only when your hosts file is changed by malware, which is not very often at all, since you seem to be well protected now. :)
ATF-Cleaner
Smitfraudfix - please do NOT run this every week, this should only be run under supervision of a Malware Expert only when you have certain types of infections. In fact, I would delete this altogether.
Ad-Aware
SpyBot
Registry Mechanic - beware of Registry modifiers, they can have false positives, and can do more harm than good. Best to uninstall this as well, it's not really useful.

It was my plan to add to this:
CCleaner (after ATF-Cleaner) - there is nothing CCleaner will clean that ATF Cleaner won't. I would just stick with ATF Cleaner, it's simple and easy to use.
Malwarebytes' Anti-Malware (after SpyBot)
Super AntiSpyware (after MBAM)- really only need 1 or the other. I would recommend MBAM though since you have that one, and it has better detection rates. You can uninstall SUPERAntiSpyware.
Advanced SystemCare (after Registry Mechanic) - see my note above about Registry Mechanic. Advanced SystemCare does similar things, and can often do more harm than good.


1. Am I correct in my intrepretation of what your last post told me to do?


I have added comments in bold. :)

2. Is a weekly run of the programs a good idea? Sufficient? Over-kill?


This is exactly what you should be doing. Only thing is, I would recommend the scan with AVG every night. You can schedule it to run at 1:00 or 2:00 am, while you're in bed so it's not all intrusive while you are using it in the middle of the day. However, weekly is much better than not at all. :)

3. What do you think should be my schedule of programs to run each week?


ATF Cleaner first, always. Then your antispyware programs (Spybot, Ad-Aware, MBAM), then AVG, and finally an ERUNT backup after you come up clean.

4. Should I report the infection of Antivirus 2009 to someone, & if so, who?


Unfortunately, there is not much you can do. There are not always people out there who are nice and kind. They want to take advantage of you, steal your information, and cause general havoc. Best thing to do is to research things before downloading and using them. That way, you know what other people's experiences are before you have your own experience. It will help you decide whether you should install it, or find something better.

Hope this clears things up. :)
  • 0

#14
MrsFixIt

MrsFixIt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thank you so much for your help! I will take your advice in my maintenance schedule. I'll have to think about daily scans with AVG. I don't like to leave my computer on when we're sleeping or it otherwise won't be used for hours.

Tomorrow my daughter is bringing her computer over for me to fix. She just told me she now has Antivirus 2009 on it! This must be the latest & greatest piece of malware out there, huh? What do you suggest to be my plan of attack in getting her computer clean -- or if this happens to me again? Do you think a run of ATF-Cleaner, then MBAM might take care of it?
  • 0

#15
handhfan

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts

Tomorrow my daughter is bringing her computer over for me to fix. She just told me she now has Antivirus 2009 on it! This must be the latest & greatest piece of malware out there, huh? What do you suggest to be my plan of attack in getting her computer clean -- or if this happens to me again? Do you think a run of ATF-Cleaner, then MBAM might take care of it?


I would start with those two. If you want me to help you with this one as well, just post a HijackThis log after you ran MBAM (and probably post the MBAM log too), and I can help you clean up whatever is left. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP