Hi,

I just got my daughters PC maleware removed. Now my PC shows signs of Trojan-Downloader:W32 from scanning with F-Secure

Br

My DDS file:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Johan Ohlsson at 20:07:15,28 on 2010-07-20
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2046.1310 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\D-Tools\daemon.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\RealVNC\WinVNC\winvnc.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\MINILOG.EXE
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Johan Ohlsson\Skrivbord\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aftonbladet.se/
uDefault_Page_URL = hxxp://www.euro.dell.com/countries/se/sve/gen/default.htm
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Sonic RecordNow!]
uRun: [SpybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program\delade filer\sonic\update manager\sgtray.exe" /r
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash
mRun: [DAEMON Tools-1033] "c:\program\d-tools\daemon.exe" -lang 1033
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [mxomssmenu] "c:\program\maxtor\onetouch status\maxmenumgr.exe"
mRun: [SunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"
mRun: [bacstray] BacsTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\johano~1\start-~1\program\autost~1\runvnc~1.lnk - c:\program\realvnc\winvnc\winvnc.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\zoneal~1.lnk - c:\program\zone labs\zonealarm\zapro.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167075589921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {3A8E9A31-34BA-41F9-A040-4AAE9B49A1C2} = 192.168.0.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2004-2-3 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2004-2-3 5248]
R2 BackWeb Client - 7681197;F-Secure BackWeb;c:\program\f-secure\backweb\7681197\program\SERVIC~1.EXE [2004-1-15 16384]
R2 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\FSfilter.sys [2004-1-15 48336]
R2 F-Secure Gatekeeper Handler Starter;F-Secure Gatekeeper Handler Starter;c:\program\f-secure\anti-virus\fsgk32st.exe [2004-1-15 45056]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\win2k\fsgk.sys [2004-1-15 41488]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\FSrec.sys [2004-1-15 16048]
R2 FSpm;F-Secure Policy Manager;c:\program\f-secure\common\FSpm.sys [2004-1-15 65328]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-2-12 100816]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program\f-secure\common\FNRB32.exe [2004-1-15 110668]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 F-Secure BackWeb LAN Access;F-Secure BackWeb LAN Access;c:\program\f-secure\backweb\7681197\program\fsbwlan.exe [2004-1-15 39936]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]

=============== Created Last 30 ================

2010-07-20 07:47:43 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-07-14 05:31:17 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 08:10:15 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 08:10:15 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2008-05-15 17:30:46 32768 -csha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008051520080516\index.dat

============= FINISH: 20:08:13,42 ===============

F-Secure Scan:

Genomsökningsrapport
Tisdag, Juli 20, 2010 13:47:27 - 16:40:39
Datornamn: SERVER-DELL-P4
Genomsökningstyp: Genomsök målet efter skadeprogram, spionprogram och rootkit
Mål: C:\Documents and Settings\Johan Ohlsson


--------------------------------------------------------------------------------

3 skadeprogram hittades
Trojan-Downloader:W32/Small.HEK (virus)
C:\Documents and Settings\Johan Ohlsson\Lokala inställningar\Temp\jar_cache9004187234792100488.tmp\sunos\Globales.class (Inte rensad)
Trojan-Downloader:W32/Agent.DJPT (virus)
C:\Documents and Settings\Johan Ohlsson\Lokala inställningar\Temp\jar_cache9004187234792100488.tmp\sunos\Manuals.class (Inte rensad)
Trojan-Downloader:W32/Small.HEL (virus)
C:\Documents and Settings\Johan Ohlsson\Lokala inställningar\Temp\jar_cache9004187234792100488.tmp\sunos\Support.class (Inte rensad)

--------------------------------------------------------------------------------

Hi

Lets do this since your DDS log is a bit old.


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Hi,
Thanks for helping me. For your information i have used tfc.exe (temp file cleaner) after posting here. I have not seen any suspicious after that. Hope you can verify that

OTL.txt:

OTL logfile created on: 2010-08-01 11:44:28 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Johan Ohlsson\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 19,53 Gb Total Space | 7,72 Gb Free Space | 39,54% Space Free | Partition Type: NTFS
Drive D: | 92,19 Gb Total Space | 50,88 Gb Free Space | 55,19% Space Free | Partition Type: NTFS
Drive E: | 189,92 Gb Total Space | 40,82 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive F: | 189,92 Gb Total Space | 35,49 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 781,32 Gb Free Space | 83,88% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SERVER-DELL-P4
Current User Name: Johan Ohlsson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Johan Ohlsson\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe ()
PRC - C:\Program\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe ()
PRC - C:\Program\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\Program\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corp.)
PRC - C:\Program\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corp.)
PRC - C:\Program\SpywareGuard\sgmain.exe ()
PRC - C:\Program\SpywareGuard\sgbhp.exe ()
PRC - C:\WINDOWS\SYSTEM32\BacsTray.exe (Broadcom Corporation)
PRC - C:\Program\F-Secure\Common\FSMA32.exe (F-Secure Corporation)
PRC - C:\Program\F-Secure\Common\FSLAUNCH.exe (F-Secure Corporation)
PRC - C:\Program\RealVNC\WinVNC\winvnc.exe (RealVNC Ltd.)
PRC - C:\WINDOWS\SYSTEM32\ZoneLabs\minilog.exe (Zone Labs Inc.)
PRC - C:\Program\Zone Labs\ZoneAlarm\zapro.exe (Zone Labs Inc.)
PRC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (Zone Labs Inc.)
PRC - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Johan Ohlsson\Skrivbord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\Temp\IadHide4.dll (BackWeb)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (MaxBackServiceInt) -- C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (Seagate)
SRV - (Maxtor Sync Service) -- C:\Program\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (IDriverT) -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (F-Secure BackWeb LAN Access) -- C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe ()
SRV - (BackWeb Client - 7681197) -- C:\Program\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe ()
SRV - (FSAA) -- C:\Program\F-Secure\Common\FSAA.EXE (F-Secure Corporation. All Rights Reserved.)
SRV - (F-Secure Network Request Broker) -- C:\Program\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
SRV - (FSMA) -- C:\Program\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (minilog) -- C:\WINDOWS\System32\ZoneLabs\minilog.exe (Zone Labs Inc.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs Inc.)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corp.)


========== Driver Services (SafeList) ==========

DRV - (Net6IM) -- C:\WINDOWS\System32\DRIVERS\net6im51.sys File not found
DRV - (iAimTV2) -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys File not found
DRV - (PSI) -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys (Secunia)
DRV - (NwlnkIpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (MXOPSWD) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (d344bus) -- C:\WINDOWS\System32\DRIVERS\d344bus.sys ( )
DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )
DRV - (F-Secure Gatekeeper) -- C:\Program\F-Secure\Anti-Virus\win2k\fsgk.sys ()
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (F-Secure Filter) -- C:\Program\F-Secure\Anti-Virus\win2k\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program\F-Secure\Anti-Virus\win2k\FSrec.sys ()
DRV - (FSpm) -- C:\Program\F-Secure\Common\FSpm.sys (F-Secure Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS (Microsoft Corporation)
DRV - (vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Zone Labs Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program\Java\jre6\lib\deploy\jqs\ff [2008-12-10 21:31:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010-08-01 11:22:14 | 000,417,147 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14400 more lines...
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Oracle)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll (Oracle)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Oracle)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Länkar) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [bacstray] C:\WINDOWS\System32\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program\NOS\bin\getPlus_Helper_3004.DLL (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\ZoneAlarm Pro.lnk = C:\Program\Zone Labs\ZoneAlarm\zapro.exe (Zone Labs Inc.)
O4 - Startup: C:\Documents and Settings\Johan Ohlsson\Start-meny\Program\Autostart\Run VNC Server.lnk = C:\Program\RealVNC\WinVNC\winvnc.exe (RealVNC Ltd.)
O4 - Startup: C:\Documents and Settings\Johan Ohlsson\Start-meny\Program\Autostart\SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167075589921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002-10-01 12:39:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-07-02 07:30:04 | 000,000,045 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{cb18cf75-2a08-11df-98df-000d5652df66}\Shell - "" = AutoRun
O33 - MountPoints2\{cb18cf75-2a08-11df-98df-000d5652df66}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-01 11:43:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\OTL.exe
[2010-08-01 11:26:00 | 000,000,000 | ---D | C] -- C:\Program\NOS
[2010-08-01 11:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010-08-01 11:17:46 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy
[2010-08-01 10:43:49 | 000,000,000 | ---D | C] -- C:\Program\Secunia
[2010-08-01 10:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Microsoft Security Essentials 1.0.1963.0
[2010-07-29 18:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Apple
[2010-07-28 09:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-07-25 23:48:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\HiJackThis.exe
[2010-07-25 22:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johan Ohlsson\Application Data\Auslogics
[2010-07-25 22:32:18 | 000,000,000 | ---D | C] -- C:\Program\Auslogics
[2010-07-25 21:01:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\TFC.exe
[2010-07-25 20:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010-07-25 20:39:25 | 000,000,000 | ---D | C] -- C:\Program\Panda USB Vaccine
[2010-07-25 20:36:39 | 000,000,000 | ---D | C] -- C:\Program\SpywareGuard
[2010-07-24 02:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-24 02:21:24 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2010-07-24 02:21:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2010-07-24 02:21:23 | 000,000,000 | ---D | C] -- C:\Program\SpywareBlaster
[2010-07-24 02:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johan Ohlsson\Lokala inställningar\Application Data\Apple
[2010-07-24 01:44:02 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010-07-24 01:44:01 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010-07-24 01:44:01 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010-07-24 01:44:01 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010-07-24 00:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johan Ohlsson\Application Data\Malwarebytes
[2010-07-24 00:42:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-24 00:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-07-24 00:42:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-24 00:42:30 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2010-07-20 09:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-07-20 09:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Kaspersky
[2010-07-14 07:31:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-07-07 16:05:32 | 000,014,904 | ---- | C] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys
[2004-02-03 08:15:09 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys
[2004-02-03 08:15:09 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys

========== Files - Modified Within 30 Days ==========

[2010-08-01 11:43:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\OTL.exe
[2010-08-01 11:22:14 | 000,417,147 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010-08-01 11:17:56 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-08-01 11:17:56 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Spybot - Search & Destroy.lnk
[2010-08-01 11:14:37 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010-08-01 11:14:04 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2010-08-01 11:13:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-01 11:13:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010-08-01 11:13:41 | 2145,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-01 11:12:50 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Johan Ohlsson\NTUSER.DAT
[2010-08-01 11:12:50 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Johan Ohlsson\NTUSER.INI
[2010-08-01 10:44:04 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Secunia PSI.lnk
[2010-08-01 10:38:34 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93708E07-5CF4-4B79-8EBB-1FF0B43F60F9}.job
[2010-08-01 10:00:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2010-07-31 19:00:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy.job
[2010-07-28 09:51:33 | 000,000,517 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010-07-28 09:51:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010-07-28 09:51:33 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010-07-25 23:48:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\HiJackThis.exe
[2010-07-25 22:32:20 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Auslogics Disk Defrag.lnk
[2010-07-25 20:36:41 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\SpywareGuard LiveUpdate.lnk
[2010-07-25 20:36:41 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Start-meny\Program\Autostart\SpywareGuard.lnk
[2010-07-25 20:32:12 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Flash_Disinfector.exe
[2010-07-24 02:21:25 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\SpywareBlaster.lnk
[2010-07-24 02:13:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-07-24 02:13:29 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010-07-24 01:28:42 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\TFC.exe
[2010-07-24 00:42:38 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-07-21 14:04:51 | 000,416,262 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100801-112214.backup
[2010-07-20 20:11:53 | 000,002,774 | ---- | M] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Attach.zip
[2010-07-18 20:37:24 | 000,413,662 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100721-140450.backup
[2010-07-18 14:37:34 | 004,833,770 | -H-- | M] () -- C:\Documents and Settings\Johan Ohlsson\Lokala inställningar\Application Data\IconCache.db
[2010-07-14 08:21:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-07-07 16:05:32 | 000,014,904 | ---- | M] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys

========== Files Created - No Company Name ==========

[2010-08-01 11:17:56 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-08-01 11:17:56 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Spybot - Search & Destroy.lnk
[2010-08-01 11:15:09 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Secunia PSI.lnk
[2010-07-25 22:32:20 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Auslogics Disk Defrag.lnk
[2010-07-25 20:39:26 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2010-07-25 20:36:41 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\SpywareGuard LiveUpdate.lnk
[2010-07-25 20:36:41 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Start-meny\Program\Autostart\SpywareGuard.lnk
[2010-07-25 20:32:11 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Flash_Disinfector.exe
[2010-07-24 02:21:25 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\SpywareBlaster.lnk
[2010-07-24 02:13:29 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010-07-24 02:13:29 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010-07-24 00:42:38 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-07-20 20:11:53 | 000,002,774 | ---- | C] () -- C:\Documents and Settings\Johan Ohlsson\Skrivbord\Attach.zip
[2010-01-24 01:13:16 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008-12-21 20:15:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005-07-18 19:14:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004-01-17 01:15:47 | 000,000,059 | ---- | C] () -- C:\WINDOWS\PestPatrol.ini
[2004-01-06 22:39:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004-01-06 22:35:55 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004-01-06 22:06:12 | 000,000,618 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003-12-27 21:43:24 | 000,068,608 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003-08-14 01:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010-07-20 09:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008-12-13 15:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010-07-25 20:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010-07-25 21:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-25 22:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johan Ohlsson\Application Data\Auslogics
[2004-01-29 19:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johan Ohlsson\Application Data\GlobalSCAPE
[2009-05-12 21:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johan Ohlsson\Application Data\Leadertech
[2010-06-10 01:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johan Ohlsson\Application Data\Spotify
[2010-08-01 10:00:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job
[2010-06-05 10:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\Genomsök alla lokala hårddiskar.job
[2010-08-01 11:14:04 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job
[2010-08-01 10:38:34 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{93708E07-5CF4-4B79-8EBB-1FF0B43F60F9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Johan Ohlsson\Skrivbord\HH.txt:SummaryInformation
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Extras.txt:

OTL Extras logfile created on: 2010-08-01 11:44:28 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Johan Ohlsson\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 19,53 Gb Total Space | 7,72 Gb Free Space | 39,54% Space Free | Partition Type: NTFS
Drive D: | 92,19 Gb Total Space | 50,88 Gb Free Space | 55,19% Space Free | Partition Type: NTFS
Drive E: | 189,92 Gb Total Space | 40,82 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive F: | 189,92 Gb Total Space | 35,49 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 781,32 Gb Free Space | 83,88% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SERVER-DELL-P4
Current User Name: Johan Ohlsson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program\RealVNC\WinVNC\winvnc.exe" = C:\Program\RealVNC\WinVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (RealVNC Ltd.)
"C:\Program\DC++\DCPlusPlus.exe" = C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program\Messenger\msmsgs.exe" = C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"D:\Mohaa\MOHAA.exe" = D:\Mohaa\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program\Qwix101\Qwix.exe" = C:\Program\Qwix101\Qwix.exe:*:Enabled:Qwix -- (Team Avalaunch)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program\mIRC\mirc.exe" = C:\Program\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe" = C:\Program\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE Texas, LP.)
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E4485CF-4CBE-4BEE-B0F9-51D7E489E2A0}" = Windows Rights Management-klient med Service Pack 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{83895843-3A51-4C93-9DF3-2BDB65C7E54A}" = DAEMON Tools
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6E70EDD-6255-4DB7-9A43-F54D8462D987}" = CuteFTP Pro 3.1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management-klient bakåtkompatibilitet SP2
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-tillägg till Microsoft Windows XP-guiden Skriv till CD-skiva
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DC++" = DC++ 0.691
"F-Secure Anti-Virus" = F-Secure Anti-Virus
"F-Secure BackWeb" = F-Secure BackWeb
"F-Secure Management Agent" = F-Secure Management Agent
"G6 FTP Server" = G6 FTP Server (Remove Only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Q903235" = Internet Explorer Q903235
"Secunia PSI" = Secunia PSI
"SetupPPUpdater" = SetupPPUpdater
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SpywareGuard_is1" = SpywareGuard v2.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinVNC_is1" = VNC 3.3.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Pro" = ZoneAlarm Pro

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-08-01 04:44:30 | Computer Name = SERVER-DELL-P4 | Source = crypt32 | ID = 131080
Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret
från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Fel: Åtgärden misslyckades eftersom tidsgränsen överskreds.

Error - 2010-08-01 05:09:39 | Computer Name = SERVER-DELL-P4 | Source = Application Error | ID = 1000
Description = Felaktigt program flashutil10h_activex.exe, version 10.1.53.64, felaktig
modul unknown, version 0.0.0.0, felaktig adress 0x1000e453.

Error - 2010-08-01 05:14:38 | Computer Name = SERVER-DELL-P4 | Source = True Vector Service | ID = 1
Description =

Error - 2010-08-01 05:15:11 | Computer Name = SERVER-DELL-P4 | Source = True Vector Service | ID = 1
Description =

Error - 2010-08-01 05:16:38 | Computer Name = SERVER-DELL-P4 | Source = crypt32 | ID = 131080
Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret
från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Fel: A connection with the server could not be established

Error - 2010-08-01 05:16:39 | Computer Name = SERVER-DELL-P4 | Source = crypt32 | ID = 131080
Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret
från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Fel: Den här nätverksanslutningen finns inte.

Error - 2010-08-01 05:39:15 | Computer Name = SERVER-DELL-P4 | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2010-08-01 11:39:15+02:00 server-dell-p4 SERVER-DELL-P4\Johan
Ohlsson F-Secure Anti-Virus Malicious code found in file C:\DOCUMENTS AND SETTINGS\JOHAN
OHLSSON\SKRIVBORD\TFC.EXE. Infection: PECompact

Error - 2010-08-01 05:42:44 | Computer Name = SERVER-DELL-P4 | Source = F-Secure Anti-Virus | ID = 103
Description = 2 2010-08-01 11:42:44+02:00 server-dell-p4 SERVER-DELL-P4\Johan
Ohlsson F-Secure Anti-Virus Malicious code found in file C:\DOCUMENTS AND SETTINGS\JOHAN
OHLSSON\SKRIVBORD\TFC.EXE. Infection: PECompact

Error - 2010-08-01 05:42:56 | Computer Name = SERVER-DELL-P4 | Source = F-Secure Anti-Virus | ID = 103
Description = 3 2010-08-01 11:42:56+02:00 server-dell-p4 SERVER-DELL-P4\Johan
Ohlsson F-Secure Anti-Virus Malicious code found in file C:\DOCUMENTS AND SETTINGS\JOHAN
OHLSSON\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\H9O6PDZY\OTL[1].EXE.

Infection: PECompact

Error - 2010-08-01 05:43:04 | Computer Name = SERVER-DELL-P4 | Source = F-Secure Anti-Virus | ID = 103
Description = 4 2010-08-01 11:43:04+02:00 server-dell-p4 SERVER-DELL-P4\Johan
Ohlsson F-Secure Anti-Virus Malicious code found in file C:\DOCUMENTS AND SETTINGS\JOHAN
OHLSSON\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\H9O6PDZY\OTL[1].EXE.

Infection: PECompact

[ System Events ]
Error - 2010-07-28 04:01:52 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7034
Description = Tjänsten F-Secure BackWeb avslutades oväntat. Detta har skett 1 gånger.

Error - 2010-07-28 04:01:52 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7034
Description = Tjänsten F-Secure Gatekeeper Handler Starter avslutades oväntat. Detta
har skett 1 gånger.

Error - 2010-07-28 04:01:53 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7034
Description = Tjänsten Java Quick Starter avslutades oväntat. Detta har skett 1
gånger.

Error - 2010-07-28 04:01:53 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7034
Description = Tjänsten F-Secure Management Agent avslutades oväntat. Detta har skett
1 gånger.

Error - 2010-07-28 04:01:53 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7034
Description = Tjänsten Maxtor Service avslutades oväntat. Detta har skett 1 gånger.

Error - 2010-07-28 04:01:53 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7034
Description = Tjänsten TrueVector Basic Logging Client avslutades oväntat. Detta
har skett 1 gånger.

Error - 2010-07-28 04:05:42 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7009
Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten MaxBackServiceInt
ska ansluta.

Error - 2010-07-28 04:05:42 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7023
Description = Tjänsten TrueVector Internet Monitor avbröts med följande fel: %%1056

Error - 2010-08-01 05:14:28 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7009
Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten MaxBackServiceInt
ska ansluta.

Error - 2010-08-01 05:14:28 | Computer Name = SERVER-DELL-P4 | Source = Service Control Manager | ID = 7023
Description = Tjänsten TrueVector Internet Monitor avbröts med följande fel: %%1056


< End of report >

OTL log looks fine. Those bad files where in a temp directory and when you ran TFC if removed them.

It looks like you also ran other tools like Malwarebytes and such, its best when you think your infected to just post and let us look at the logs and decide what program needs to be run.

Open Malwarebytes and on the logs tab, open the first log you ran on this computer prior to posting and copy and paste it for me to see. If the log was clean dont bother but let me know.



Lets update your Java to make your system more secure

Download the latest version Here (http://java.sun.com/javase/downloads/index.jsp) save it, do not install it yet.

Java SE Runtime Environment (JRE)JRE 6 Update 21 <--The wording is confusing but this is what you need


Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version

You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)






Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Hi

Nothing found from Malwarebytes scan. Latest java installed

Logfile from Eset:

# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d15813dcdffb3a44ba2a5cff3eca09d2
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-01 01:43:27
# local_time=2010-08-01 03:43:27 (+0100, Västeuropa, sommartid)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5611 5611 0 0
# compatibility_mode=9217 16777214 75 18 140895630 274908652 0 0
# scanned=72211
# found=0
# cleaned=0
# scan_time=3432

Looks like your OK, how are things running now ?

Hi!

I haven't noticed any suspcious so far

Br

Great :bigthumb:





How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



Safe Surfn
Ken

Thanks for all the help Ken

I've been recommended using Microsoft Security Essentials along with Spybot (not the teatimer)
Harwarefirewall/router & windows firewall

Uninstall SpywareGuard and Spywareblaster

What is your opinion about that setup?

Br

Here are some free Firewalls, just pick one, if you install one then disable the Windows firewall, you just need one. These protect both inbound and outbound threats, the windows firewall just protects inbound.


Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp)
Sygate Personal Firewall Free Edition (http://www.filehippo.com/download_sygate_personal_firewall/[/url])
Outpost Firewall Free (http://www.agnitum.com/products/outpostfree/index.php)



SpywareGuard won't hurt, you can keep that one. SpywareBlaster does the same thing as the teatimer in spybot , you should not have them both. Keep Spybot, but if you enable the teatimer there is no need for SB.

Hope this helps

Hi

So you think i should use Microsoft Security Essentials with SpywareGuard and SpywareBlaster?

Br

I think that would be a nice combo, yes

Hi

OK i will try that out. You sure it won't be any conflict on that setup?

Br

Just remember that the Teatimer in Spybot and SpywareBlaster do the same thing , they will conflict, so if you keep Spybot installed just dont enable the teatimer. If you do enable the teatimer , just dont install Spyware Blaster. SpywareGuard is different, you can install that either way.