Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help wanted!

Re: Help wanted!

Post by melboy » November 27th, 2010, 5:23 pm

Hi Dorothy

Dorothy wrote: should say I'm not absolutely sure I got the router totally reset
It doesn't look as though it was. Your DNS settings are still pointing to a server in the Russian Federation.
DNS Servers . . . . . . . . . . . : 213.109.66.237

http://whois.domaintools.com/213.109.66.237

Give me the exact make and model of your router and I'll see if I can find more specific instructions.


OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\f3a2be184315b053.dat -- (f3a2be184315b053)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\385ecfecf477f8e7.dat -- (385ecfecf477f8e7)
    IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {b6a73a11-0161-bbd1-427e-0c61e7e66e17} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.237 213.109.72.202 1.1.1.1
    
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

eek. Here's the otl output

Post by Dorothy » November 27th, 2010, 5:43 pm

All processes killed
========== OTL ==========
Service f3a2be184315b053 stopped successfully!
Service f3a2be184315b053 deleted successfully!
File C:\f3a2be184315b053.dat not found.
Service 385ecfecf477f8e7 stopped successfully!
Service 385ecfecf477f8e7 deleted successfully!
File C:\385ecfecf477f8e7.dat not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6a73a11-0161-bbd1-427e-0c61e7e66e17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6a73a11-0161-bbd1-427e-0c61e7e66e17}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\ not found.
Starting removal of ActiveX control {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Al
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dot
->Temp folder emptied: 112251 bytes
->Temporary Internet Files folder emptied: 19943604 bytes
->Java cache emptied: 4282 bytes
->FireFox cache emptied: 86041815 bytes
->Google Chrome cache emptied: 964936 bytes
->Flash cache emptied: 4900 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40571138 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2565316 bytes

Total Files Cleaned = 143.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11272010_143617

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Help wanted!

Post by melboy » November 27th, 2010, 5:49 pm

Do you have the make & model of your router Dorothy?
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

router

Post by Dorothy » November 27th, 2010, 6:04 pm

Linksys NR041
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Help wanted!

Post by melboy » November 27th, 2010, 6:39 pm

Hi Dorothy

I managed to find a manual online here. The instructions for resetting the router don't look to be much different to the original instructions I gave you. Let's try again.


Resetting Router

Let’s try to reset the router to its default configuration.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press the Reset Button and hold it down until the red Diag LED on the front panel turns on and off completely.

    Note: You may have to hold the Reset button for up to 30 seconds and then release it. This will return the password, forwarding, and other settings on the Router to the factory default settings.

  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.



Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:

      ipconfig /flushdns



Router Check

Now let's check the router again.

  • Open Notepad and copy/paste the entire contents inside the codebox below, into Notepad (Do Not include code:)
Code:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
  • Save this as router.bat
  • Choose to Save type as - All Files and where to save - Desktop
  • Close the Notepad file.
  • Double-click on router.bat to run it. It should look like this: Image
  • It will open notepad when done. Please post back the results
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Here it is--router.bat results

Post by Dorothy » November 27th, 2010, 7:03 pm

THANKS FOR HUNTING UP THAT MANUAL!!!!! I DON'T HAVE MY DNS RE-SET YET---I HAD WRITTEN IT DOWN AS THE RUSSIAN ONE SO THAT WON'T DO. WILL TAKE ME A BIT OF TIME TO GET THE PROVIDER TO CALL ME BACK. DOES THAT MESS WITH YOUR ABILITY TO ASSESS AT THIS POINT?
I KNOW THAT THE BAD IP IS NOT SHOWING IN MY ROUTER NOW. THE DNS AREAS ARE BLANK.
HERE'S THE FILE. ( I HAVE TO BE GONE TO CHURCH, IN CASE I DON'T GET BACK TO YOU ON THIS FOR A WHILE. WILL SAY ONE FOR YA, MELBOY!! :-)
-------------------------------
Windows IP Configuration



Host Name . . . . . . . . . . . . : Dots

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-28-45-3F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 65.172.143.253

65.172.143.239

Lease Obtained. . . . . . . . . . : Saturday, November 27, 2010 3:50:18 PM

Lease Expires . . . . . . . . . . : Tuesday, November 30, 2010 3:50:18 PM

Server: nebnet.net
Address: 65.172.143.253

Name: google.com
Addresses: 74.125.45.106, 74.125.45.147, 74.125.45.99, 74.125.45.103
74.125.45.104, 74.125.45.105

Server: nebnet.net
Address: 65.172.143.253

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging google.com [74.125.159.99] with 32 bytes of data:



Reply from 74.125.159.99: bytes=32 time=101ms TTL=49

Reply from 74.125.159.99: bytes=32 time=102ms TTL=49



Ping statistics for 74.125.159.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 101ms, Maximum = 102ms, Average = 101ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=128ms TTL=49

Reply from 209.191.122.70: bytes=32 time=128ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 128ms, Maximum = 128ms, Average = 128ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 28 45 3f ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

looks to me like the dns reset itself somehow..

Post by Dorothy » November 27th, 2010, 7:22 pm

when i do a: RUN CMD IPCONFIG/ALL
It shows my dns #s as : 65.172.143.253 and 65.172.143.239--which are definitely MY provider's numbers.
No sign of the Russians!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

But in the set up for my router, as I said, the three boxes for DNS are still blank. Is it OK to just leave them that way?

The internet is working. Maybe all solved???? :D
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm
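
The check made by eye in the posts above (which DNS servers the machine is actually using, compared with the provider's), as an added example that is not part of the original thread or of any tool used in it. It reads the three places the thread's logs show a resolver: the `DNS Servers` field of `ipconfig /all` (including the second server on its own line and the doubled blank lines seen in the pasted report), the `Server:`/`Address:` pair printed by `nslookup`, and an OTL `O17` NameServer line. The function names and the `PROVIDER_DNS` allow-list are assumptions, and the two sample reports are excerpts constructed from the output posted in this thread.

```python
import ipaddress
import re

# "DNS Servers" field of `ipconfig /all`.
IPCONFIG_DNS = re.compile(r"^\s*DNS Servers[ .]*:\s*(.*)$")
# NameServer / DhcpNameServer value on an OTL "O17" line.
OTL_O17 = re.compile(r"^\s*O17 - .*NameServer = (.*)$")
# nslookup prints the resolver it queried as "Server:" followed by "Address:".
NSLOOKUP_SERVER = re.compile(r"^\s*Server:\s")
NSLOOKUP_ADDR = re.compile(r"^\s*Address:\s*(\S+)")


def _ips(text):
    """Return the valid IPv4 addresses in a space- or comma-separated string."""
    out = []
    for token in re.split(r"[\s,]+", text.strip()):
        try:
            out.append(str(ipaddress.IPv4Address(token)))
        except ValueError:
            pass  # not an IPv4 address (label text, host name, empty token)
    return out


def dns_servers(report):
    """Extract, in order and without duplicates, every resolver named in a report."""
    servers = []
    state = None  # "dns" after a DNS Servers line, "srv" after nslookup's Server: line
    for line in report.splitlines():
        text = line.strip()
        if not text:
            continue  # blank lines (doubled in pasted output) do not end a field
        m = IPCONFIG_DNS.match(line)
        if m:
            servers += _ips(m.group(1))
            state = "dns"
            continue
        m = OTL_O17.match(line)
        if m:
            servers += _ips(m.group(1))
            state = None
            continue
        if NSLOOKUP_SERVER.match(line):
            state = "srv"
            continue
        m = NSLOOKUP_ADDR.match(line)
        if m and state == "srv":
            servers += _ips(m.group(1))
            state = None
            continue
        if state == "dns" and _ips(text) == [text]:
            servers.append(text)  # additional DNS server on a continuation line
            continue
        state = None  # any other field ends the current one
    return list(dict.fromkeys(servers))


def unexpected_dns(report, expected):
    """Return the resolvers in the report that are not on the expected list."""
    allowed = {str(ipaddress.IPv4Address(a)) for a in expected}
    return [s for s in dns_servers(report) if s not in allowed]


# Assumption: the allow-list is whatever the provider confirms as its resolvers.
PROVIDER_DNS = ["65.172.143.253", "65.172.143.239"]

# Constructed from the lines quoted before the router reset.
BEFORE_RESET = r"""
DNS Servers . . . . . . . . . . . : 213.109.66.237
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.237 213.109.72.202 1.1.1.1
"""

# Constructed from the router.bat report posted after the reset.
AFTER_RESET = r"""
DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 65.172.143.253

65.172.143.239

Lease Obtained. . . . . . . . . . : Saturday, November 27, 2010 3:50:18 PM

Server: nebnet.net
Address: 65.172.143.253

Name: google.com
Addresses: 74.125.45.106, 74.125.45.147, 74.125.45.99, 74.125.45.103
74.125.45.104, 74.125.45.105
"""

if __name__ == "__main__":
    for name, report in (("before reset", BEFORE_RESET), ("after reset", AFTER_RESET)):
        bad = unexpected_dns(report, PROVIDER_DNS)
        print(f"{name}: servers={dns_servers(report)} unexpected={bad or 'none'}")
```
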

Re: Help wanted!

Post by melboy » November 27th, 2010, 8:12 pm

Hi Dorothy

That looks a whole lot better :thumbright:


Hopefully we can finish this up now. Well done so far!


TFC

You should still have this on your desktop

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.



Re-run OTL

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, please post the contents of OTL.txt in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

must do later

Post by Dorothy » November 27th, 2010, 8:19 pm

YOU ARE AWESOME.
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Help wanted!

Post by melboy » November 27th, 2010, 8:28 pm

aaw... Thanks!

Post the scan logs and I'll go over them in the morning (it's late here).

If you have any problems running ESET, let me know. AVG has sometimes been proving difficult of late when running other scans. If you do have problems, run a full scan with your AVG and let me know if it detects anything.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

the ESET and the OTL

Post by Dorothy » November 28th, 2010, 1:18 pm

Took almost 2 hrs for the ESET---thorough!
==========================================================
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8bf847c08ba9604b834726210592c512
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-28 05:05:09
# local_time=2010-11-28 10:05:09 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 3181138 3181138 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 4 55885156 55885156 0 0
# scanned=147013
# found=1
# cleaned=0
# scan_time=6792
C:\Documents and Settings\Dot\Application Data\AVG\Rescue\PC Tuneup 2011\101011213554265.rsc probably a variant of Win32/Agent.FXHNPDJ trojan 00000000000000000000000000000000 I

===========================
The OTL...

OTL logfile created on: 11/28/2010 10:12:32 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dot\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.48 Gb Total Space | 106.37 Gb Free Space | 73.12% Space Free | Partition Type: NTFS

Computer Name: DOTS | User Name: Dot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 10:29:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dot\Desktop\OTL.exe
PRC - [2010/10/28 19:40:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/23 18:07:50 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/10/23 18:07:46 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/10/19 06:18:40 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dot\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 11:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 16:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 16:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 16:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 16:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/28 21:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/15 04:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 02:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/03/24 06:30:40 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/15 16:30:06 | 000,574,760 | ---- | M] () -- C:\Program Files\iGive_Toolbar\igvtt.exe
PRC - [2009/09/15 16:30:06 | 000,095,528 | ---- | M] () -- C:\Program Files\iGive_Toolbar\igvtp.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/29 18:09:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2002/04/11 17:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brsvc01a.exe
PRC - [2001/12/12 17:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 10:29:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dot\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/23 18:07:46 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/19 15:42:14 | 000,132,608 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RSVP.EXE -- (RSVP)
SRV - [2003/03/03 11:33:40 | 000,143,360 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/04/11 17:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/09 11:45:01 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 00:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DDMI2.sys -- (SDDMI2)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 16:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/webhp?hl=en&tab=nw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.184.133.210:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {cae9e4ee-e63b-4c68-8abf-672f47016882}:9.0.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/03 05:47:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/24 18:35:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/24 18:35:50 | 000,000,000 | ---D | M]

[2009/04/30 07:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Mozilla\Extensions
[2010/11/27 11:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions
[2009/10/30 13:34:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/20 19:43:19 | 000,000,000 | ---D | M] (IObitCom Toolbar) -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
[2010/10/30 09:19:59 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2009/07/27 10:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\extensions\en-US@dictionaries.addons.mozilla(2).org
[2010/04/30 20:31:12 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\searchplugins\bing-ff.xml
[2009/12/19 22:34:36 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Mozilla\Firefox\Profiles\9e1n9hmj.default\searchplugins\conduit.xml
[2010/11/27 11:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 06:39:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/23 10:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/23 10:11:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/03/19 15:37:50 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b6a73a11-0161-bbd1-427e-0c61e7e66e17} - No CLSID value found.
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (iGive Toolbar) - {FA73AE1B-4BA9-4E8B-832B-54A287FF1B7F} - C:\Program Files\iGive_Toolbar\igvtb.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igvtm] C:\Program Files\iGive_Toolbar\igvtt.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTrace Express\NTXcontext.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: iGive Toolbar - C:\Documents and Settings\Dot\Application Data\iGive_Toolbar\igvtt\igvtC5.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/ ... arth3D.cab (Reg Error: Value error.)
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} http://www.pqprintcenter.com/plugin/axv ... ck1611.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} http://makeover.ivillage.co.uk/save/makeover.cab (Reg Error: Value error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.25/uploader2.cab (Reg Error: Value error.)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Value error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/54.16/uploader2.cab (Reg Error: Value error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab (Reg Error: Value error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (Reg Error: Value error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/share ... insctl.cab (Reg Error: Value error.)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Reg Error: Value error.)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://sidestep.com/get/k00719/sb02a.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Value error.)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://merillat.view22.com/view22/roomapp/View22RTE.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/share ... cgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Dot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/16 06:36:02 | 000,000,025 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{de5eddea-181e-11db-b5e4-00111128453f}\Shell - "" = AutoRun
O33 - MountPoints2\{de5eddea-181e-11db-b5e4-00111128453f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de5eddea-181e-11db-b5e4-00111128453f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: brssINFO - (C:\WINDOWS\system32\dplastat.dll) - C:\WINDOWS\System32\dplastat.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 08:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/27 14:35:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dot\Desktop\OTL.exe
[2010/11/24 19:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/24 18:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/24 18:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/23 11:41:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/11/23 10:54:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/23 10:54:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/23 10:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 10:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/22 13:00:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/16 18:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\HijackThis logs
[2010/11/14 15:26:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dot\Recent
[2010/11/09 19:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\My Documents\ranchWife
[2010/11/06 09:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\My Documents\epohelp_files
[2010/11/03 06:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dot\Application Data\PCDr
[2004/09/07 18:59:59 | 016,706,160 | ---- | C] (Netopsystems AG) -- C:\Program Files\AdbeRdr60_enu_full.exe

========== Files - Modified Within 30 Days ==========

[2010/11/28 10:15:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\prvlcl.dat
[2010/11/28 09:58:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 09:23:04 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-76020992-1609971859-2370090961-1007UA.job
[2010/11/28 09:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/11/28 08:35:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/28 07:40:41 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/11/28 07:40:39 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-76020992-1609971859-2370090961-1007.job
[2010/11/28 07:40:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/28 07:40:38 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2010/11/28 07:40:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/11/28 07:36:39 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to TFC.lnk
[2010/11/28 07:23:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-76020992-1609971859-2370090961-1007Core.job
[2010/11/27 07:39:19 | 100,345,489 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/24 19:07:07 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/24 18:35:35 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/24 15:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/23 15:31:57 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-76020992-1609971859-2370090961-1007.job
[2010/11/23 10:55:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 10:00:33 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to jre-6u22-windows-i586.lnk
[2010/11/23 09:20:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/22 13:00:23 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/11/22 10:29:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dot\Desktop\OTL.exe
[2010/11/21 13:59:03 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\d7gnb2f4.exe
[2010/11/21 13:47:35 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\p15ipksk.exe
[2010/11/21 13:14:34 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\dds.scr
[2010/11/20 17:20:52 | 000,006,188 | -H-- | M] () -- C:\Documents and Settings\Dot\My Documents\Picasa.ini
[2010/11/19 19:02:37 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Brmfcmon.ini
[2010/11/19 19:02:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\¼
[2010/11/16 18:31:06 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to Downloads.lnk
[2010/11/16 17:39:51 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\project7_06.xls
[2010/11/15 08:29:35 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/11/14 20:40:59 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/14 20:40:59 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/14 20:40:59 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\IObit Freeware.url
[2010/11/14 15:20:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/14 15:01:56 | 000,000,989 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2010/11/11 06:57:42 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/11/08 19:55:30 | 000,486,360 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/08 19:55:29 | 000,089,412 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/08 10:02:17 | 000,002,442 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/11/06 09:06:55 | 000,118,415 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\epohelp.htm
[2010/11/05 18:21:49 | 000,015,796 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\STOPzilla Black List Contents.htm
[2010/11/04 18:01:50 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/04 13:24:12 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Google Chrome.lnk
[2010/11/04 13:24:12 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/03 05:58:35 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Dot\My Documents\litterbox.xls
[2010/11/03 05:47:39 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/02 18:04:28 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to firefox.exe.lnk

========== Files Created - No Company Name ==========

[2010/11/28 07:36:39 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to TFC.lnk
[2010/11/24 19:07:07 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/24 18:35:35 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/23 10:55:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 10:00:33 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to jre-6u22-windows-i586.lnk
[2010/11/21 13:59:01 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\d7gnb2f4.exe
[2010/11/21 13:47:34 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\p15ipksk.exe
[2010/11/21 13:14:19 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\dds.scr
[2010/11/19 19:02:37 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Brmfcmon.ini
[2010/11/19 19:02:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\¼
[2010/11/16 18:31:06 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to Downloads.lnk
[2010/11/14 20:40:59 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/11/14 20:40:59 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/11/14 15:20:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/10 19:58:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/06 09:06:45 | 000,118,415 | ---- | C] () -- C:\Documents and Settings\Dot\My Documents\epohelp.htm
[2010/11/05 17:51:13 | 000,015,796 | ---- | C] () -- C:\Documents and Settings\Dot\My Documents\STOPzilla Black List Contents.htm
[2010/11/04 18:01:50 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/02 18:04:28 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Dot\Desktop\Shortcut to firefox.exe.lnk
[2010/10/11 20:05:23 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\fusioncache.dat
[2010/08/12 14:58:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\prvlcl.dat
[2010/07/13 21:55:49 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/13 10:38:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/13 10:37:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/13 10:37:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/13 10:37:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/13 10:37:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/09 09:50:00 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2009/12/14 23:30:45 | 002,130,944 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\cooliris-win-ie-release-1.11.6.31225.en-US.msi
[2009/10/14 13:17:41 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\cooliris-win-ie-release-1.11.5.29501.en-US.msi
[2009/10/05 18:49:06 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/17 10:15:54 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Dot\Local Settings\Application Data\kodakpcd.ini
[2008/04/03 10:16:55 | 000,001,588 | ---- | C] () -- C:\WINDOWS\debugrcfile.ini
[2008/03/26 06:41:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/02/11 14:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/02/20 20:59:37 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/11/08 20:26:19 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/27 22:17:29 | 000,023,295 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\Comma Separated Values (Windows).ADR
[2006/10/27 22:16:25 | 000,038,458 | ---- | C] () -- C:\Documents and Settings\Dot\Application Data\Comma Separated Values (DOS).ADR
[2006/07/30 16:44:03 | 000,000,219 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI
[2006/05/29 05:15:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/03/01 19:51:47 | 000,002,442 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2006/02/10 09:19:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/01 22:14:55 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2005/11/24 11:04:01 | 000,000,054 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/11/13 20:22:41 | 000,000,315 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2005/07/08 11:03:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/07/08 10:20:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2005/07/08 08:04:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/04/24 21:51:42 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/04/24 21:51:41 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/04/24 18:40:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/04/24 18:39:32 | 000,001,549 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2005/04/24 18:39:32 | 000,000,551 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/04/24 18:39:32 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2005/04/24 18:39:32 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/04/24 18:39:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2005/04/24 18:29:22 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/03/09 10:07:51 | 000,004,271 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/25 10:08:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
Thank you, Melboy!
Dorothy
Regular Member
 
Posts: 49
Joined: November 16th, 2010, 8:36 pm

Re: Help wanted!

Unread postby melboy » November 28th, 2010, 2:06 pm

Hi Dorothy


First, a bit of advice on some of the programs you have installed.



Registry Cleaners + "Tweak" Tools

Re. Iobit Advanced SystemCare 3

As well as that company (Iobit) having ethical issues, I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.

Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies can speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

For more Information, see what Miekiemoes (Malwarebytes Corp. Asst.Director of Research) has to say >> http://miekiemoes.blogspot.com/2008/02/ ... ng_13.html

--------------------------

STOPzilla

It's not very good in my opinion. If you are going to spend money on an application there are far better programs to spend your money on. I would uninstall it.


============================================


Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are. If not, please continue with the instructions below.


OTL by OldTimer

  • Double-click OTL.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself


===========================================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

Clear Infected System Restore Points

  • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
  • Restart your computer
  • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore on all drives.
      • Click Apply
      • Click each drive in turn where system restore is not required and click Settings
        Note: System restore is only needed on drives with an operating system installed
      • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.

Note: only do this once, and not on a regular basis


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding Hosts files read HERE.

  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:

    [Please note that trial pay is not needed to get any product for free.]


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Many, Many, Many, Many thanks to you, Doctor Melboy!

Unread postby Dorothy » November 28th, 2010, 4:35 pm

Actually, I can't thank you enough. It's clear that you've put a HUGE amount of effort into training yourself to help victims like me, and I'm so grateful for that. You obviously know the frustration of having a computer that's gone astray or you wouldn't have gone to all the effort to learn how to fight it, but the fact that you so generously share that with other saps like me who are pretty much clueless, is just remarkable and I hope your generosity comes back to you in many ways. Bless your heart and all the people at this website who provided your training and this wonderful venue. I learned a lot in the process and am changing many practices. For example: The new password on my router couldn't be cracked by the CIA! --- Generic "admin" no more! :lol:

I've followed your final instructions (got a few more things to install) and it feels good to know I'm not a sitting duck without a paddle --mixing metaphors! :-) ha!
I want to mention that the other computer on our network is reaping the benefits of the fix on the DNS, but I will probably be starting this whole process with that one too to make sure there isn't a lot of junk on there as well. Will have my spouse register and do that (with my help) so as not to be confusing.
One add'l question: Should I also be running HijackThis or any of those other tools you used in my diagnosis?

Thanks again, good man. Words can't express it! You're a super person!
Sincerely,
Dorothy

Re: Help wanted!

Unread postby melboy » November 28th, 2010, 6:28 pm

You're most welcome, Dorothy! :)


Dorothy wrote:One add'l question: Should I also be running HijackThis or any of those other tools you used in my diagnosis?

No, those are specialist diagnostic tools that we use and are updated regularly. Should you ever need to submit a malware removal request again, a helper will require you to download the most up-to-date versions. Hopefully it won't come to that again! :D

Any more questions?

Re: Help wanted!

Unread postby Dorothy » November 28th, 2010, 7:00 pm

No more questions. I'm good! Have lots to read with the links you sent. Again, my warmest thanks!
Now you TAKE A BREAK!

All the best,
Dorothy