Persistent TrojanVX2 Look2me infection [Solved]


  • This topic is locked

#1
chili fries

  • Member
  • 36 posts
I picked up a trojan a couple of days ago and I can't get rid of it. It's very frustrating because this is my work computer and I desperately need it to function properly again.

After my computer started acting strange I ran Spyware Doctor, which found a TrojanVX2 Look2me infection. Spyware Doctor would delete it but when I restarted my computer it would appear again along with a lot of other low level spyware. At that time it also prevented Malwarebytes and Super AntiSpyware from accessing the internet and updating. I also had downloaded Avira and Avast but every time I tried to run the setup for them it failed because they could not access the internet.

So I downloaded AVG and ran it, but it didn't find anything. An online scan with Bit Defender did find something and deleted it. That allowed my antivirus and antispyware programs to access the internet. I ran Avast but it didn't find anything. I uninstalled Avast and tried Avira. It found a couple of infections and deleted them. Spyware Doctor then was able to delete TrojanVX2 Look2me but my computer still gets filled up with new low level spyware infections every time I restart the computer.

Now my computer works a little better but it still gets bogged down and locks up after I use it for a short time. Malwarebytes doesn't find anything. Neither does Super AntiSpyware. Spyware Doctor finds and deletes spyware but every time I restart my computer it's back, even if I didn't surf any web pages. I'm in the process of going through the online scans but they are difficult to complete because my computer keeps slowing down then freezing.

Here are my logs:

Root Repeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/24 00:37
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x9073C000 Size: 778240 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\Windows\system32\Drivers\mchInjDrv.sys
Address: 0xAD383000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAD3AF000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1180 Status: Locked to the Windows API!

SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec87a6

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec5794

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec5f1e

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8d8f0574

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec91f0

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec942a

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8d8f0560

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8d8f0565

#: 267 Function Name: NtRenameKey
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8feca12a

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec983c

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x90695f20

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec4384

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\iksysflt.sys" at address 0x8fec66b6

==EOF==



OTL

OTL logfile created on: 7/24/2009 12:40:03 AM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 107.29 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.36 Gb Free Space | 43.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\aestsrv.exe
PRC - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/30 11:03:14 | 00,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/06/13 17:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/10/09 14:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2007/09/13 14:45:38 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\STacSV.exe
PRC - [2008/10/27 04:54:20 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/10/27 04:52:16 | 02,654,208 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/04 14:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2009/03/02 21:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/07/24 00:38:33 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/08 23:17:17 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/27 13:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
SRV - [2008/01/20 21:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/20 21:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/04 18:17:48 | 00,164,600 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/12/18 01:02:23 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331 [On_Demand | Stopped])
SRV - [2008/12/18 01:12:55 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2009/02/02 20:47:16 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985a15cf94e28 [Auto | Stopped])
SRV - [2009/03/24 10:55:24 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/09/30 11:03:14 | 00,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc [Auto | Running])
SRV - [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/12/23 10:35:20 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/06/13 17:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008/10/09 14:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008/10/04 14:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2007/09/13 14:45:38 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/10/27 04:54:20 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=4081218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=4081218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=4081218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 75.101.191.25:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://by109w.bay109...0&n=1812397654"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..network.proxy.http: "194.170.32.251"
FF - prefs.js..network.proxy.http_port: 443

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/29 03:00:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/21 00:00:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/21 00:00:28 | 00,000,000 | ---D | M]

[2009/03/17 23:20:38 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Extensions
[2008/12/24 01:01:26 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/23 23:02:58 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Firefox\Profiles\4r15r5g3.default\extensions
[2009/07/04 12:07:48 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Firefox\Profiles\4r15r5g3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/13 16:09:10 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Firefox\Profiles\4r15r5g3.default\extensions\[email protected]
[2009/03/17 23:09:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/21 00:00:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/21 00:00:27 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/21 00:00:27 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/18 01:02:29 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/21 00:00:28 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/09/10 14:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/03/15 06:10:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/10 14:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/20 11:59:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/20 11:59:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/20 11:59:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/20 11:59:07 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/20 11:59:07 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/20 11:59:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/24 00:38:32 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2009/07/24 00:32:25 | 00,000,000 | ---D | C] -- C:\Users\Jim\Desktop\RootRepeal
[2009/07/24 00:31:28 | 00,462,508 | ---- | C] () -- C:\Users\Jim\Desktop\RootRepeal.zip
[2009/07/23 22:55:21 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/23 22:55:09 | 00,000,915 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/23 22:54:53 | 00,000,735 | ---- | C] () -- C:\Users\Jim\Desktop\NTREGOPT.lnk
[2009/07/23 22:54:53 | 00,000,716 | ---- | C] () -- C:\Users\Jim\Desktop\ERUNT.lnk
[2009/07/23 22:54:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/23 22:53:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jim\Desktop\erunt_setup.exe
[2009/07/23 03:13:31 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/23 03:13:20 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/07/23 03:13:20 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/07/23 03:13:19 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/07/23 03:13:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/07/23 03:13:17 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/22 21:59:14 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At15.job
[2009/07/22 03:54:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/22 03:49:19 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At14.job
[2009/07/22 03:11:10 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/07/22 02:09:08 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At13.job
[2009/07/22 02:06:19 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At12.job
[2009/07/22 02:04:17 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At11.job
[2009/07/22 01:05:32 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At10.job
[2009/07/22 00:40:24 | 00,359,929 | ---- | C] () -- C:\Users\Jim\Desktop\dds.scr
[2009/07/22 00:27:47 | 02,901,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jim\Desktop\mbam-rules.exe
[2009/07/22 00:19:56 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At9.job
[2009/07/22 00:18:20 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At8.job
[2009/07/22 00:02:47 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At7.job
[2009/07/21 23:28:29 | 00,646,872 | ---- | C] (Crawler Inc. ) -- C:\Users\Jim\Desktop\SpywareTerminatorSetup.exe
[2009/07/21 20:15:53 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/07/21 19:37:52 | 00,000,788 | ---- | C] () -- C:\Users\Jim\Desktop\Trend Micro Security Software Download Manager.lnk
[2009/07/21 19:37:51 | 00,000,000 | ---D | C] -- C:\Users\Jim\Desktop\TrendMicro_Downloader
[2009/07/21 19:37:31 | 01,975,504 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\TrendMicro_Downloader.exe
[2009/07/21 18:36:17 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At6.job
[2009/07/21 18:35:40 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At5.job
[2009/07/21 18:34:50 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At4.job
[2009/07/21 18:32:31 | 00,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Avira
[2009/07/21 18:12:25 | 00,000,000 | ---D | C] -- C:\Users\Jim\Desktop\look2medestroyer
[2009/07/21 18:08:27 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At3.job
[2009/07/21 18:07:09 | 00,448,487 | ---- | C] () -- C:\Users\Jim\Desktop\L2MRemover.zip
[2009/07/21 17:53:34 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At2.job
[2009/07/21 17:49:27 | 00,000,382 | ---- | C] () -- C:\Windows\tasks\At1.job
[2009/07/21 17:42:00 | 00,085,635 | ---- | C] () -- C:\Users\Jim\Desktop\Qoofix.zip
[2009/07/21 15:47:37 | 00,000,000 | -H-- | C] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2009/07/21 12:00:09 | 00,001,876 | ---- | C] () -- C:\Users\Jim\Desktop\HijackThis.lnk
[2009/07/21 12:00:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/21 11:59:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\HJTInstall.exe
[2009/07/21 11:44:43 | 37,476,55680 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/21 01:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/21 01:47:13 | 00,847,776 | ---- | C] (AVG Technologies) -- C:\Users\Jim\Desktop\avg_avwt_stb_all_8_30.exe
[2009/07/21 01:23:05 | 32,299,960 | ---- | C] () -- C:\Users\Jim\Desktop\avira_antivir_personal_en.exe
[2009/07/21 01:21:10 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Users\Jim\Desktop\jim.exe
[2009/07/21 01:18:58 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\TFC.exe
[2009/07/21 01:17:27 | 03,146,989 | ---- | C] () -- C:\Users\Jim\Desktop\ComboFix.exe
[2009/07/21 01:12:56 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/21 01:12:53 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/21 01:12:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/21 01:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/20 17:42:16 | 14,986,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Jim\Desktop\88uqsn42.exe
[2009/07/19 20:07:01 | 00,000,445 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\XENTONE Preferences
[2009/07/10 14:02:05 | 00,000,000 | ---D | C] -- C:\Users\Jim\Documents\Sony Media Libraries
[2009/07/10 14:01:56 | 00,000,000 | ---D | C] -- C:\Users\Jim\Documents\Sony ACID Pro 6.0 Projects
[2009/07/10 14:01:56 | 00,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Sony
[2009/07/10 13:22:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/07/10 13:21:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009/07/10 12:44:22 | 00,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Sony ACID Pro 6.0

========== Files - Modified Within 14 Days ==========

[2009/07/24 00:38:33 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2009/07/24 00:31:46 | 00,462,508 | ---- | M] () -- C:\Users\Jim\Desktop\RootRepeal.zip
[2009/07/24 00:31:29 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/24 00:31:29 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/24 00:31:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/23 23:31:04 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/23 22:55:09 | 00,000,915 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/23 22:54:53 | 00,000,735 | ---- | M] () -- C:\Users\Jim\Desktop\NTREGOPT.lnk
[2009/07/23 22:54:53 | 00,000,716 | ---- | M] () -- C:\Users\Jim\Desktop\ERUNT.lnk
[2009/07/23 22:53:55 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jim\Desktop\erunt_setup.exe
[2009/07/23 22:51:56 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/07/23 22:47:52 | 00,002,463 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2009/07/23 22:47:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/23 22:47:23 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/23 22:47:21 | 37,476,55680 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/23 22:32:29 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At15.job
[2009/07/23 15:16:46 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At14.job
[2009/07/23 15:16:41 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At13.job
[2009/07/23 15:16:37 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At11.job
[2009/07/23 03:13:32 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/22 23:26:27 | 00,000,000 | -H-- | M] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2009/07/22 23:22:29 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At6.job
[2009/07/22 03:55:18 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/07/22 02:07:07 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At12.job
[2009/07/22 01:59:16 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At10.job
[2009/07/22 01:19:31 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At9.job
[2009/07/22 00:40:27 | 00,359,929 | ---- | M] () -- C:\Users\Jim\Desktop\dds.scr
[2009/07/22 00:27:48 | 02,901,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jim\Desktop\mbam-rules.exe
[2009/07/22 00:19:48 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At7.job
[2009/07/22 00:19:41 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At8.job
[2009/07/21 23:37:25 | 00,174,080 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/21 23:28:39 | 00,646,872 | ---- | M] (Crawler Inc. ) -- C:\Users\Jim\Desktop\SpywareTerminatorSetup.exe
[2009/07/21 23:24:24 | 00,000,788 | ---- | M] () -- C:\Users\Jim\Desktop\Trend Micro Security Software Download Manager.lnk
[2009/07/21 19:37:35 | 01,975,504 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\TrendMicro_Downloader.exe
[2009/07/21 18:36:10 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At5.job
[2009/07/21 18:35:23 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At2.job
[2009/07/21 18:35:19 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At1.job
[2009/07/21 18:35:14 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At4.job
[2009/07/21 18:35:09 | 00,000,382 | ---- | M] () -- C:\Windows\tasks\At3.job
[2009/07/21 18:08:01 | 00,448,487 | ---- | M] () -- C:\Users\Jim\Desktop\L2MRemover.zip
[2009/07/21 17:42:05 | 00,085,635 | ---- | M] () -- C:\Users\Jim\Desktop\Qoofix.zip
[2009/07/21 12:00:09 | 00,001,876 | ---- | M] () -- C:\Users\Jim\Desktop\HijackThis.lnk
[2009/07/21 11:59:50 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jim\Desktop\HJTInstall.exe
[2009/07/21 01:47:14 | 00,847,776 | ---- | M] (AVG Technologies) -- C:\Users\Jim\Desktop\avg_avwt_stb_all_8_30.exe
[2009/07/21 01:23:42 | 32,299,960 | ---- | M] () -- C:\Users\Jim\Desktop\avira_antivir_personal_en.exe
[2009/07/21 01:21:10 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Users\Jim\Desktop\jim.exe
[2009/07/21 01:18:59 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\TFC.exe
[2009/07/21 01:17:30 | 03,146,989 | ---- | M] () -- C:\Users\Jim\Desktop\ComboFix.exe
[2009/07/21 01:12:56 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 17:42:53 | 14,986,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Jim\Desktop\88uqsn42.exe
[2009/07/20 07:09:27 | 00,281,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/20 02:55:57 | 00,067,776 | ---- | M] () -- C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/19 22:37:05 | 00,000,445 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\XENTONE Preferences
[2009/07/19 20:04:50 | 00,001,126 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/10 13:22:24 | 00,765,518 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/10 13:22:24 | 00,651,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/10 13:22:24 | 00,124,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== LOP Check ==========

[2009/07/21 15:45:29 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming
[2009/07/02 03:19:14 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Cycling '74
[2009/03/17 23:19:50 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Dell
[2009/03/17 23:19:51 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DMCache
[2009/05/13 06:56:42 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DonationCoder
[2009/06/07 08:49:19 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\dvdcss
[2009/06/03 03:59:03 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FileZilla
[2009/03/17 23:19:51 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FlashGet
[2009/03/17 23:19:51 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GetRight
[2009/03/17 23:19:53 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IDM
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Media Center Programs
[2009/02/18 04:58:46 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NetMedia Providers
[2009/01/11 21:42:11 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Publish Providers
[2009/03/17 23:20:40 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Roxio
[2009/06/09 04:30:12 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SignalAnalyzer
[2009/07/22 22:25:56 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Sony
[2009/03/17 23:20:42 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SystemRequirementsLab
[2009/06/10 12:42:54 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
[2009/04/10 20:10:46 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TVU networks
[2009/03/17 23:20:42 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
[2009/07/19 19:06:39 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent
[2009/07/21 18:35:19 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009/07/22 01:59:16 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2009/07/23 15:16:37 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2009/07/22 02:07:07 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2009/07/23 15:16:41 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2009/07/23 15:16:46 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2009/07/23 22:32:29 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2009/07/21 18:35:23 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2009/07/21 18:35:09 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2009/07/21 18:35:14 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2009/07/21 18:36:10 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2009/07/22 23:22:29 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2009/07/22 00:19:48 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2009/07/22 00:19:41 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2009/07/22 01:19:31 | 00,000,382 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2009/07/23 22:51:56 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/07/23 23:31:04 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/24 00:31:01 | 00,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/23 22:47:27 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/23 22:46:36 | 00,019,332 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6FDABC0E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >


Extras (OTL)


OTL Extras logfile created on: 7/24/2009 12:40:03 AM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 107.29 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.36 Gb Free Space | 43.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103F1942-FF9D-4A0B-8C9C-5B86A7334B94}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4123D60E-B785-4A28-98DB-4B6B0416D503}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{4EE6D749-199A-4F76-B122-48EA7F526930}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{54D95848-72CE-4764-99D5-A013D6F02224}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67CFEE26-6703-43E9-8858-F42643A4C826}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{67D39865-532A-4F5F-9E36-27D5A432DEEC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{759B723C-D878-438A-82B1-26E3B5C35A8C}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{7E27352E-E960-43E5-994D-8DA5B3A83D2B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{89083612-7C3A-446E-BA6D-C7C80BAADCAF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CC65E3C-77E5-42A9-AD08-758FA6880279}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{A7116F81-F68D-482F-B0ED-2FF4F4660415}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{BFABFC82-4C32-45A0-8E4D-C6E89D8155D4}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{CFDB8787-7A34-42AA-A5EC-6A07C6B2E6FC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{D894A360-7B5B-46B7-9441-E307CB151785}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FBD1A3F8-B0C8-4514-8852-3A48CDBCB59A}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{FDB4D71C-4E3E-4C65-8C2B-524924FA62ED}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"TCP Query User{0411487A-9815-4F4D-A2B8-13BB1FD33602}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{137F6A09-11CF-4B7A-B3B8-129885285347}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{40A81185-A5A1-414F-A904-982308C35D42}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{50BCB105-3F46-4DF3-A34D-D2017CE38BB1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{5601A5C0-A2EC-4E07-BF4C-A33C20C9A646}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5B5A130C-1966-4F3F-B5E0-4B76718F91A4}C:\program files\pd\bin\pd.exe" = protocol=6 | dir=in | app=c:\program files\pd\bin\pd.exe |
"TCP Query User{7E79033E-71BE-49DD-B873-6836AB54CEC5}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{875B9427-FEC9-4BA1-A5D7-6353766444D3}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{8EE3D3DA-014C-4CA3-A34C-18CF04EFB866}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{8F5DDFC5-DAD7-490F-8CCB-B5E6F0DE7B47}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{A29CDDC8-0A22-44E3-9B56-BF8FC5C30964}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"TCP Query User{C81BE1A6-073C-4500-974E-A8F21EF3194D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E1B7E309-57D1-4911-A722-332801EF1BB2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E53C68FD-8B6A-47C7-96C1-871DBA67DB03}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F860595E-D950-45ED-AC06-E103947039AB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FF0DE57E-2EDB-4592-A907-F7B4E4CCFB40}C:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{026B5735-1EFE-4268-9E5F-61C1F4E16FCB}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{105DD9B2-93AF-44D5-925B-78148F7029D1}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{21CB1AB4-70F0-4181-9ED3-3F6AC8B4F2B9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{285D6D01-1FCD-4923-9A75-E09B1EFDB8B7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2C65A9D8-2FCD-4AC0-9E3B-23294E6DB4D9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{640DA33B-9813-40E4-8110-DE8E9252CEDC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{8E66B5F3-8307-41F8-8E42-753E9435F5C6}C:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{93BCA127-5862-4ECD-9C79-5A930F2FF550}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9491D161-0C13-49FE-98D7-DCC86C538FD7}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{A3FA06EB-DC5A-498F-90D6-58EF9E1AC659}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"UDP Query User{ACC47B2B-4296-4677-8F72-9F4D19C4A61D}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{B452697F-C4CF-47F5-B244-66FD6A78C3B7}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C7BE81B3-9B25-4549-9F78-F22594636E41}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{E28639D9-32E2-43D6-B6F6-F0E09FD810AD}C:\program files\pd\bin\pd.exe" = protocol=17 | dir=in | app=c:\program files\pd\bin\pd.exe |
"UDP Query User{EB41FA8E-D4E4-4394-B694-06505C1D19BB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{EC112865-9D81-4228-87F1-F4D15B5F886A}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}" = Sony Media Manager 2.2
"{48EB9208-593D-4DC7-B613-9C5A210D87BA}" = Sony Sound Forge 8.0b
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{784DF107-2945-4B65-ADE3-A58ECD6C37A9}" = Sony Vegas 5.0a
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Apen CD Ripper_is1" = Apen CD Ripper 1.02
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00
"EchoFilter 2.0 Free" = EchoFilter 2.0 Free
"EchoFilter 3.01 Trial" = EchoFilter 3.01 Trial
"ERUNT_is1" = ERUNT 1.1j
"FFT Properties (32) v5" = FFT Properties (32)
"FileZilla Client" = FileZilla Client 3.2.4.1
"FlashGet" = FlashGet 1.9.6.1073
"GetRight_is1" = GetRight
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder iPhone Edition" = MediaCoder iPhone Edition
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"OJOsoft Audio Converter_is1" = OJOsoft Audio Converter
"P2P Tv Plugin_is1" = P2P Tv Plugin
"pd_is1" = Pd-0.40.3-extended-20080721
"RealAlt_is1" = Real Alternative 1.9.0
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"SopCast" = SopCast 3.0.3
"Soulseek2" = SoulSeek 157 NS 13c
"Spyware Doctor" = Spyware Doctor 6.0
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.5.1
"VLC media player" = VLC media player 0.9.8a
"WildTangent dell Master Uninstall" = WildTangent Games
"WinAce Archiver" = WinAce Archiver
"WinPcapInst" = WinPcap 4.1 beta5
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2009 8:09:33 PM | Computer Name = Jim-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 75.101.191.25:80
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress
socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket
s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult
asyncResult, Int32 timeout, Exception& exception) --- End of inner exception
stack trace --- at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 7/19/2009 8:09:38 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/20/2009 8:10:42 AM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/20/2009 8:11:56 AM | Computer Name = Jim-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 75.101.191.25:80
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress
socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket
s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult
asyncResult, Int32 timeout, Exception& exception) --- End of inner exception
stack trace --- at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 7/20/2009 5:56:46 PM | Computer Name = Jim-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 75.101.191.25:80
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress
socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket
s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult
asyncResult, Int32 timeout, Exception& exception) --- End of inner exception
stack trace --- at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 7/20/2009 5:56:48 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2009 12:58:33 AM | Computer Name = Jim-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 75.101.191.25:80
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress
socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket
s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult
asyncResult, Int32 timeout, Exception& exception) --- End of inner exception
stack trace --- at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 7/21/2009 12:58:34 AM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2009 2:21:29 AM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application avast_home_setup.exe, version 4.8.0.0, time stamp
0x49de0798, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
exception code 0xe06d7363, fault offset 0x000442eb, process id 0x1444, application
start time 0x01ca09cb79141dfb.

Error - 7/21/2009 2:21:49 AM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application avast_home_setup.exe, version 4.8.0.0, time stamp
0x49de0798, faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395,
exception code 0xe06d7363, fault offset 0x000442eb, process id 0x15a8, application
start time 0x01ca09cb85850dbb.

[ Broadcom Wireless LAN Events ]
Error - 7/21/2009 5:43:55 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 16:43:55, Tue, Jul 21, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/21/2009 5:43:55 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 16:43:55, Tue, Jul 21, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/21/2009 8:14:02 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 19:14:02, Tue, Jul 21, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/21/2009 8:14:02 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 19:14:02, Tue, Jul 21, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/22/2009 4:44:47 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 03:44:47, Wed, Jul 22, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/22/2009 4:44:47 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 03:44:47, Wed, Jul 22, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/22/2009 4:55:59 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 03:55:59, Wed, Jul 22, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/22/2009 4:55:59 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 03:55:59, Wed, Jul 22, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/22/2009 4:30:25 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 15:30:25, Wed, Jul 22, 09 Error - User "" does not have administrative
privileges on this system

Error - 7/22/2009 4:30:25 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 15:30:25, Wed, Jul 22, 09 Error - User "" does not have administrative
privileges on this system

[ System Events ]
Error - 7/24/2009 12:11:47 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 12:21:48 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 12:31:50 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 12:41:53 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 12:51:55 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 1:01:56 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 1:11:57 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 1:21:57 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 1:32:00 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.

Error - 7/24/2009 1:42:04 AM | Computer Name = Jim-PC | Source = netbt | ID = 4321
Description = The name "JM :0" could not be registered on the interface
with IP address 192.168.2.106. The computer with the IP address 192.168.2.101 did
not allow the name to be claimed by this computer.


< End of report >



Thank you very much for any help.

Edited by chili fries, 24 July 2009 - 12:06 AM.



#2
hammerman

Hello and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Please note that I am still in training and my replies need to be checked by an expert. This means there may be a small delay between my posts. Please bear with me.

I am looking through your log now and will reply as soon as possible.

Before we begin, I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.

#3
hammerman

Hi chili fries,

Sorry about the delay in getting a reply to you. Can you tell me if this is your computer used for work purposes or is a work-owned computer?

We'll need to take a fresh look at your system. What are your current symptoms?

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#4
chili fries

Don't worry about the delay, Hammerman, I greatly appreciate your help. I own the computer. I am self-employed.

Right now the symptoms seem to have lessened but there is still something weird going on. There is a frustrating lag when I'm doing anything and I get "not responding" times from different programs much more than I have in the past. Also, I tried to run a Panda Scan online scan a few hours ago and it locked up my computer. It's better than it was yesterday, I've been running different online scans and they found and cleared a few infections, but it's still acting strange.

Attached File  OTS.Txt   181.82KB   193 downloads

#5
hammerman

Hello,

Can you please follow these steps.

-- Step 1 --

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search]
[Files/Folders - Modified Within 30 Days]
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[Custom Items]
:files
C:\Windows\tasks\At*.job
:end
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

-- Step 2 --
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Windows\System32\Dspp6.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Repeat the above for the file C:\Windows\System32\DSP.dll

-- Step 3 --

You have traces of AVG antivirus on your system. Please use the AVG removal tool here, to completely remove AVG from your computer.

-- Step 4 --

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Can you please reply with
1. The report from the OTS fix in step 1
2. The VirScan reports
3. An update on how your computer is running.


#6
chili fries

My computer does seem to be working better now. Another thing that has changed is that my saved Firefox tabs have been restored. They had almost all disappeared for a while (I'm not sure exactly when) but now they are back in full.


OTS Fix Report:
All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
[Custom Items]
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jim
->Temp folder emptied: 30693983 bytes
File delete failed. C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1366326 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91272956 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117.62 mb

< End of fix log >
OTS by OldTimer - Version 3.0.10.1 fix logfile created on 07252009_150030

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




VirSCAN.org Scanned Report :
Scanned time : 2009/07/25 15:09:13 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : Dspp6.dll
File Size : 36864 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 2c18541b898d7b74f7f3ec21b235575d
SHA1 : e206eda8946ccfc8b68eb5512004f485d903a2e2
Online report : http://virscan.org/r...5be1d3a1c9.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090724195220 2009-07-24 0.33 -
AhnLab V3 2009.07.25.00 2009.07.25 2009-07-25 0.76 -
AntiVir 8.2.0.228 7.1.5.28 2009-07-24 0.14 -
Antiy 2.0.18 20090725.2642626 2009-07-25 0.02 -
Arcavir 2009 200907250844 2009-07-25 0.04 -
Authentium 5.1.1 200907241350 2009-07-24 1.16 -
AVAST! 4.7.4 090724-0 2009-07-24 0.01 -
AVG 8.5.288 270.13.29/2261 2009-07-25 0.33 -
BitDefender 7.81008.3849712 7.26803 2009-07-26 3.32 -
CA (VET) 9.0.0.143 31.6.6638 2009-07-25 4.01 -
ClamAV 0.95.2 9612 2009-07-25 0.01 -
Comodo 3.10 1765 2009-07-25 0.70 -
CP Secure 1.1.0.715 2009.07.25 2009-07-25 11.46 -
Dr.Web 4.44.0.9170 2009.07.25 2009-07-25 4.97 -
F-Prot 4.4.4.56 20090724 2009-07-24 1.14 -
F-Secure 7.02.73807 2009.07.24.08 2009-07-24 7.50 -
Fortinet 2.81-3.120 10.643 2009-07-24 0.26 -
GData 19.6689/19.410 20090725 2009-07-25 4.48 -
ViRobot 20090721 2009.07.21 2009-07-21 0.44 -
Ikarus T3.1.01.64 2009.07.25.73100 2009-07-25 5.14 -
JiangMin 11.0.800 2009.07.25 2009-07-25 3.77 -
Kaspersky 5.5.10 2009.07.25 2009-07-25 0.09 -
KingSoft 2009.2.5.15 2009.7.25.21 2009-07-25 0.58 -
McAfee 5.3.00 5688 2009-07-25 2.95 -
Microsoft 1.4903 2009.07.25 2009-07-25 5.02 -
Norman 6.01.09 6.01.00 2009-07-24 4.00 -
Panda 9.05.01 2009.07.25 2009-07-25 1.97 -
Trend Micro 8.700-1004 6.316.05 2009-07-25 0.02 -
Quick Heal 10.00 2009.07.25 2009-07-25 1.10 -
Rising 20.0 21.39.52.00 2009-07-25 0.82 -
Sophos 2.88.0 4.43 2009-07-26 3.01 -
Sunbelt 5284 5284 2009-07-24 1.01 -
Symantec 1.3.0.24 20090725.003 2009-07-25 0.05 -
nProtect 20090725.01 4937436 2009-07-25 6.42 -
The Hacker 6.3.4.3 v00373 2009-07-23 0.66 -
VBA32 3.12.10.9 20090724.1323 2009-07-24 1.78 -
VirusBuster 4.5.11.10 10.109.12/1833570 2009-07-26 2.20 -




VirSCAN.org Scanned Report :

Scanned time : 2009/07/25 15:19:49 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : DSP.dll
File Size : 4608 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 99610e71e7335c985a44d3704656dedf
SHA1 : 6ebe155768fa10e8a1891507f98f9de27bdc5ac3
Online report : http://virscan.org/r...b491b6a922.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090724195220 2009-07-24 0.36 -
AhnLab V3 2009.07.25.00 2009.07.25 2009-07-25 0.77 -
AntiVir 8.2.0.228 7.1.5.28 2009-07-24 0.47 -
Antiy 2.0.18 20090725.2642626 2009-07-25 0.02 -
Arcavir 2009 200907250844 2009-07-25 0.02 -
Authentium 5.1.1 200907241350 2009-07-24 1.15 -
AVAST! 4.7.4 090724-0 2009-07-24 0.00 -
AVG 8.5.288 270.13.29/2261 2009-07-25 0.31 -
BitDefender 7.81008.3849712 7.26803 2009-07-26 3.31 -
CA (VET) 9.0.0.143 31.6.6638 2009-07-25 4.66 -
ClamAV 0.95.2 9612 2009-07-25 0.01 -
Comodo 3.10 1765 2009-07-25 0.68 -
CP Secure 1.1.0.715 2009.07.25 2009-07-25 11.44 -
Dr.Web 4.44.0.9170 2009.07.25 2009-07-25 4.95 -
F-Prot 4.4.4.56 20090724 2009-07-24 1.14 -
F-Secure 7.02.73807 2009.07.24.08 2009-07-24 7.54 -
Fortinet 2.81-3.120 10.643 2009-07-24 0.23 -
GData 19.6689/19.410 20090725 2009-07-25 4.68 -
ViRobot 20090721 2009.07.21 2009-07-21 0.43 -
Ikarus T3.1.01.64 2009.07.25.73100 2009-07-25 3.83 -
JiangMin 11.0.800 2009.07.25 2009-07-25 4.45 -
Kaspersky 5.5.10 2009.07.25 2009-07-25 0.08 -
KingSoft 2009.2.5.15 2009.7.25.21 2009-07-25 0.52 -
McAfee 5.3.00 5688 2009-07-25 2.99 -
Microsoft 1.4903 2009.07.25 2009-07-25 5.71 -
Norman 6.01.09 6.01.00 2009-07-24 4.01 -
Panda 9.05.01 2009.07.25 2009-07-25 1.58 -
Trend Micro 8.700-1004 6.316.05 2009-07-25 0.03 -
Quick Heal 10.00 2009.07.25 2009-07-25 1.05 -
Rising 20.0 21.39.52.00 2009-07-25 0.78 -
Sophos 2.88.0 4.43 2009-07-26 2.95 -
Sunbelt 5284 5284 2009-07-24 1.04 -
Symantec 1.3.0.24 20090725.003 2009-07-25 0.06 -
nProtect 20090725.01 4937436 2009-07-25 6.67 -
The Hacker 6.3.4.3 v00373 2009-07-23 0.66 -
VBA32 3.12.10.9 20090724.1323 2009-07-24 1.79 -
VirusBuster 4.5.11.10 10.109.12/1833570 2009-07-26 2.20 -

#7
hammerman

Hello,

Can you please carry out the following steps.

-- Step 1 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
-- Step 2 --

Run OTL and select Minimal Output and LOP Check. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

#8
chili fries

The Kaspersky scan found no infections. One thing that may be important is that it didn't allow me to select a scan for "Viruses, worms, trojan horses, rootkits". That option was grayed out under settings. I was only allowed to scan for "Spyware, adware, dialers and other potentially dangerous programs".

My computer is still acting strange so I think something is still amiss.

OTL log:

OTL logfile created on: 7/26/2009 7:00:11 PM - Run 2
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 87.85% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 106.64 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.36 Gb Free Space | 43.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
PRC - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\STacSV.exe (IDT, Inc.)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Users\Jim\AppData\Local\Temp\jkos-Jim\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Users\Jim\AppData\Local\Temp\jkos-Jim\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mfpmp.exe (Microsoft Corporation)
PRC - C:\Users\Jim\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService [Auto | Running]) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoogleDesktopManager-092308-165331 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (gupdate1c985a15cf94e28 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (hnmsvc [Auto | Running]) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sprtsvc_DellSupportCenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped]) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=4081218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=4081218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=4081218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 75.101.191.25:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://by109w.bay109...0&n=1812397654"
FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..network.proxy.http: "194.170.32.251"
FF - prefs.js..network.proxy.http_port: 443

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/29 03:00:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/21 00:00:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/26 06:23:10 | 00,000,000 | ---D | M]

[2009/03/17 23:20:38 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Extensions
[2008/12/24 01:01:26 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/26 06:47:52 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Firefox\Profiles\4r15r5g3.default\extensions
[2009/07/04 12:07:48 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Firefox\Profiles\4r15r5g3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/13 16:09:10 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Firefox\Profiles\4r15r5g3.default\extensions\[email protected]
[2009/07/24 01:08:23 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mozilla\Firefox\Profiles\4r15r5g3.default\extensions\[email protected]
[2009/07/26 06:47:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/21 00:00:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/26 06:23:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/21 00:00:27 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/21 00:00:27 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/18 01:02:29 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/26 06:22:52 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/21 00:00:28 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/09/10 14:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/03/15 06:10:18 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/15 06:10:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/10 14:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/20 11:59:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/20 11:59:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/20 11:59:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/20 11:59:07 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/20 11:59:07 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/20 11:59:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...686/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/26 00:15:04 | 00,003,584 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/25 15:00:30 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/07/25 03:03:42 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTS.exe
[2009/07/24 04:29:58 | 00,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2009/07/24 00:38:32 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2009/07/24 00:32:25 | 00,000,000 | ---D | C] -- C:\Users\Jim\Desktop\RootRepeal
[2009/07/23 22:55:21 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/23 22:55:09 | 00,000,915 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/23 22:54:53 | 00,000,735 | ---- | C] () -- C:\Users\Jim\Desktop\NTREGOPT.lnk
[2009/07/23 22:54:53 | 00,000,716 | ---- | C] () -- C:\Users\Jim\Desktop\ERUNT.lnk
[2009/07/23 22:54:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/23 03:13:20 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/07/22 03:54:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/22 03:11:10 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/07/22 00:40:24 | 00,359,929 | ---- | C] () -- C:\Users\Jim\Desktop\dds.scr
[2009/07/21 23:28:29 | 00,646,872 | ---- | C] (Crawler Inc. ) -- C:\Users\Jim\Desktop\SpywareTerminatorSetup.exe
[2009/07/21 20:15:53 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/07/21 19:37:52 | 00,000,788 | ---- | C] () -- C:\Users\Jim\Desktop\Trend Micro Security Software Download Manager.lnk
[2009/07/21 18:32:31 | 00,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Avira
[2009/07/21 15:47:37 | 04,724,507 | -H-- | C] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2009/07/21 12:00:09 | 00,001,876 | ---- | C] () -- C:\Users\Jim\Desktop\HijackThis.lnk
[2009/07/21 12:00:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/21 11:44:43 | 37,455,70816 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/21 01:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/21 01:23:05 | 32,299,960 | ---- | C] () -- C:\Users\Jim\Desktop\avira_antivir_personal_en.exe
[2009/07/21 01:21:10 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Users\Jim\Desktop\jim.exe
[2009/07/21 01:18:58 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\TFC.exe
[2009/07/21 01:17:27 | 03,146,989 | ---- | C] () -- C:\Users\Jim\Desktop\ComboFix.exe
[2009/07/21 01:12:56 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/21 01:12:53 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/21 01:12:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/21 01:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/20 17:42:16 | 14,986,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Jim\Desktop\88uqsn42.exe
[2009/07/19 20:07:01 | 00,000,445 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\XENTONE Preferences

========== Files - Modified Within 14 Days ==========

[2009/07/26 18:43:10 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:43:10 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:33:38 | 00,003,584 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 18:31:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/26 14:59:10 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/07/26 06:43:34 | 00,002,463 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2009/07/26 06:43:14 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/26 06:43:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/26 06:43:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/26 06:43:06 | 37,455,70816 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 06:42:28 | 04,724,507 | -H-- | M] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2009/07/25 03:03:42 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTS.exe
[2009/07/24 00:38:33 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2009/07/23 22:55:09 | 00,000,915 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/23 22:54:53 | 00,000,735 | ---- | M] () -- C:\Users\Jim\Desktop\NTREGOPT.lnk
[2009/07/23 22:54:53 | 00,000,716 | ---- | M] () -- C:\Users\Jim\Desktop\ERUNT.lnk
[2009/07/22 03:55:18 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/07/22 00:40:27 | 00,359,929 | ---- | M] () -- C:\Users\Jim\Desktop\dds.scr
[2009/07/21 23:28:39 | 00,646,872 | ---- | M] (Crawler Inc. ) -- C:\Users\Jim\Desktop\SpywareTerminatorSetup.exe
[2009/07/21 23:24:24 | 00,000,788 | ---- | M] () -- C:\Users\Jim\Desktop\Trend Micro Security Software Download Manager.lnk
[2009/07/21 12:00:09 | 00,001,876 | ---- | M] () -- C:\Users\Jim\Desktop\HijackThis.lnk
[2009/07/21 01:23:42 | 32,299,960 | ---- | M] () -- C:\Users\Jim\Desktop\avira_antivir_personal_en.exe
[2009/07/21 01:21:10 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Users\Jim\Desktop\jim.exe
[2009/07/21 01:18:59 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\TFC.exe
[2009/07/21 01:17:30 | 03,146,989 | ---- | M] () -- C:\Users\Jim\Desktop\ComboFix.exe
[2009/07/21 01:12:56 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 17:42:53 | 14,986,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Jim\Desktop\88uqsn42.exe
[2009/07/20 07:09:27 | 00,281,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/20 02:55:57 | 00,067,776 | ---- | M] () -- C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/19 22:37:05 | 00,000,445 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\XENTONE Preferences
[2009/07/19 20:04:50 | 00,001,126 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/07/21 15:45:29 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming
[2009/07/02 03:19:14 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Cycling '74
[2009/03/17 23:19:50 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Dell
[2009/03/17 23:19:51 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DMCache
[2009/05/13 06:56:42 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DonationCoder
[2009/06/07 08:49:19 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\dvdcss
[2009/06/03 03:59:03 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FileZilla
[2009/03/17 23:19:51 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FlashGet
[2009/03/17 23:19:51 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GetRight
[2009/03/17 23:19:53 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IDM
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Media Center Programs
[2009/02/18 04:58:46 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NetMedia Providers
[2009/01/11 21:42:11 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Publish Providers
[2009/03/17 23:20:40 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Roxio
[2009/06/09 04:30:12 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SignalAnalyzer
[2009/07/22 22:25:56 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Sony
[2009/03/17 23:20:42 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SystemRequirementsLab
[2009/06/10 12:42:54 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
[2009/04/10 20:10:46 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TVU networks
[2009/03/17 23:20:42 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
[2009/07/19 19:06:39 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent
[2009/07/26 14:59:10 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/07/26 06:43:14 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/26 18:31:01 | 00,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/26 06:43:12 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/26 06:42:32 | 00,020,342 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6FDABC0E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

#9
hammerman

Hello,

Can you please carry out these steps.

-- Step 1 --

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



When you say your computer's acting strange, can you expand on that a little? Are you still getting detections by Spyware Doctor or Avira?

You have Spyware Doctor and SUPERAntiSpyware running in real time. Having more than one antispyware may lead to conflict between the programs and the extra resources required will inevitably slow down your computer.

#10
chili fries

I ran the Malwarebytes and Kaspersky safe mode scans and they found nothing. I disabled Super AntiSpyware and ran Spyware Doctor. The Spyware Doctor quick scan ran really slow, which in the past I think has meant spyware is slowing my computer down. It did detect a lot of things and cleaned them. I then ran a complete scan with Spyware Doctor. That scan ran normal speed and didn't detect anything. I really try to stay only on websites that seem reputable but it's so hard these days to not pick up anything.

One of the main ways my computer was acting weird is that when I went to a web page the page would load and then stall for about 5 seconds, often giving me the "not responding" message on the top of the Firefox browser which also turns the cursor to the little circle. This would happen whether my CPU usage was at 100% or not. I would click on a hyperlink, the page would load, then the cursor would lock up for a few moments before it let me scroll down the page or do whatever. Now that seems to be really minimized and not occurring at every page I visit. It just may be a case of me being paranoid about it happening now, maybe it's just a normal thing that happens when surfing some pages.

If you don't have any other advice I'd like to keep this topic open for another day so I can be sure that everything is normal. I'll post again tomorrow and let you know if everything is surely resolved.

Thanks again for your help, hammerman, I really appreciate it.

#11
chili fries

I don't know if you were notified about my last post and read it so I'm going to post again instead of editing the above one. My browser still stalls when I'm visiting new web pages. It happens even though the progress bar on the bottom of the Firefox browser shows the page load has completed and even though the CPU usage is nowhere near 100%. It's not happening in Internet Explorer so maybe this is just a Firefox issue. I really prefer to use Firefox but switching to IE wouldn't be that big of a deal. Any thoughts on this?

Thanks again.

#12
hammerman

Hello,

Can you give me any details of the detections made by Spyware Doctor? You should find detections in Settings > History. Save the history to a suitably named file and attach the file to your reply.

I find MyWot very good at indicating whether sites are good or bad.

You may want to go back to version 3.0.12 of Firefox. It's still available here. I think 3.5 still has some issues.

#13
chili fries

I've attached that Spyware Doctor log.

Attached File  Spyware_Doctor_Log.txt   318.17KB   461 downloads

I also downloaded that older version of Firefox and it seems to work a lot more smoothly. I've turned off automatic Firefox updates so I can stay with the old version.

My computer seems to be back to normal now. Great work, Hammerman.

#14
hammerman

Hi chili fries,

Those detections in Spyware Doctor are for cookies only and nothing to worry about. Here is an article about Cookies and how you can control them in Firefox. I personally use the CookieSafe Firefox add-on.

Now for some good news - your computer is now clean.

We need to remove the tools I've been using.

-- Step 1 --

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

-- Step 2 --

Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.

  • Right-click on My Computer and select Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
  • Now uncheck the Turn off System Restore, click Apply then OK.

A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.

Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
  • 0

#15
Essexboy

    GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.