DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by Jeremy_2 at 1:16:12 on 2012-10-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.2998 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\OSD\OSD_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\lxcgcoms.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Windows\system32\UI0Detect.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\OSD\OSD_Main.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://armorgames.com/
BHO: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FAStartup] <no file>
StartupFolder: C:\Users\Jeremy_2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{0ADDBD60-3DBF-41BC-B2E5-23DEBFCBBA41} : NameServer = 75.75.76.76,75.75.75.75
TCP: Interfaces\{0ADDBD60-3DBF-41BC-B2E5-23DEBFCBBA41}\6465F57455543545 : DHCPNameServer = 162.96.13.112 162.96.13.115
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 ioatdma;Intel(R) QuickData Technology device;C:\Windows\System32\drivers\ioatdma.sys [2010-6-24 46792]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-1 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-1 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121016.001\IDSviA64.sys [2012-10-17 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-1 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-1 405624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2010-6-24 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-24 202752]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-7-29 1692480]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-6-24 25136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-6-24 6368256]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-6-24 188416]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-6-24 294064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-7-13 69736]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-4-26 121416]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\OSD\WinRing0x64.sys [2008-7-26 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2009-7-1 33448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250808]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-29 35104]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-6-24 43416]
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-6-24 51096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2010-6-24 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2010-6-24 42192]
S3 iSSetup;iSSetup;C:\Windows\System32\drivers\iSSetup.sys [2010-6-24 178400]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-7-14 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-7-14 16008]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-4-14 103336]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-5-21 15672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-21 1255736]
.
=============== Created Last 30 ================
.
2012-10-17 03:54:01 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-15 21:54:48 20480 ----a-w- C:\Windows\svchost.exe
2012-10-15 08:07:08 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-10-15 08:05:26 -------- d-----w- C:\ab87941e33fb37008aad298d
2012-10-15 05:35:53 -------- d-----w- C:\Windows\pss
2012-10-12 04:17:47 -------- d-----w- C:\Users\Jeremy_2\AppData\Roaming\Stardock
2012-10-12 04:17:47 -------- d-----w- C:\Users\Jeremy_2\AppData\Local\GameStop
2012-10-12 04:17:40 -------- d-----w- C:\ProgramData\Gibraltar
2012-10-12 04:17:21 -------- d-----w- C:\ProgramData\GameStop
2012-10-12 04:17:21 -------- d-----w- C:\Program Files (x86)\GameStop App
2012-10-12 04:17:03 -------- dc----w- C:\ProgramData\{DBC37C60-8694-40C3-94C6-5AC354153704}
2012-10-12 04:16:46 -------- d-----w- C:\Users\Jeremy_2\AppData\Local\PackageAware
2012-10-12 04:16:10 -------- d-----w- C:\ProgramData\Stardock
2012-10-10 13:38:05 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-10-10 13:37:53 -------- d-----w- C:\ProgramData\iolo
2012-10-02 04:57:44 -------- d-----w- C:\Program Files (x86)\RAPTOR
2012-10-02 02:00:13 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
2012-10-02 02:00:13 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys
2012-10-02 02:00:13 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys
2012-10-02 02:00:13 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
2012-10-02 02:00:13 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys
2012-10-02 02:00:13 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys
2012-10-02 02:00:12 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
2012-10-02 02:00:05 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009
2012-09-29 22:36:01 -------- d-----w- C:\$RECYCLE.BIN
2012-09-28 19:07:32 145920 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxcgpp6c.dll
2012-09-28 18:46:51 -------- d-----w- C:\ProgramData\Dell V310-V510 Series
2012-09-27 15:08:51 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-27 15:08:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-27 15:08:04 -------- d-----w- C:\Program Files\iPod
2012-09-27 15:08:04 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-27 15:08:03 -------- d-----w- C:\Program Files\iTunes
2012-09-27 04:18:54 98816 ----a-w- C:\Windows\sed.exe
2012-09-27 04:18:54 256000 ----a-w- C:\Windows\PEV.exe
2012-09-27 04:18:54 208896 ----a-w- C:\Windows\MBR.exe
2012-09-26 02:45:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-22 08:40:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-22 08:40:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
.
==================== Find3M ====================
.
2012-10-09 03:40:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 03:40:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-07 07:48:54 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-10-01 18:56:18 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-01 18:56:18 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-13 23:54:46 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-09-13 23:41:30 90824 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2012-09-13 23:41:30 109256 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2012-09-13 21:27:20 293376 ----a-w- C:\Windows\SysWow64\wisptis.exe
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-08-02 02:50:18 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-02 02:50:18 839152 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 1:17:48.47 ===============


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-17 01:19:08
-----------------------------
01:19:08.614 OS Version: Windows x64 6.1.7601 Service Pack 1
01:19:08.614 Number of processors: 4 586 0x2502
01:19:08.618 ComputerName: JEREMY-PC UserName: Jeremy_2
01:19:13.518 Initialize success
01:24:30.814 AVAST engine defs: 12101601
01:24:34.556 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:24:34.565 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 3
01:24:34.573 Device \Driver\iaStor -> MajorFunction fffffa80068fe5e8
01:24:34.583 Disk 0 MBR read successfully
01:24:34.592 Disk 0 MBR scan
01:24:34.609 Disk 0 Windows VISTA default MBR code
01:24:34.620 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
01:24:34.797 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
01:24:35.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30800325
01:24:36.628 Disk 0 scanning C:\Windows\system32\drivers
01:25:47.132 Service scanning
01:26:35.617 Modules scanning
01:26:35.633 Disk 0 trace - called modules:
01:26:35.664 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80068fe5e8]<<
01:26:35.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065af060]
01:26:35.680 3 CLASSPNP.SYS[fffff880015ae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062f3050]
01:26:35.695 \Driver\iaStor[0xfffffa80068a2d90] -> IRP_MJ_CREATE -> 0xfffffa80068fe5e8
01:26:39.471 AVAST engine scan C:\Windows
01:26:43.059 AVAST engine scan C:\Windows\system32
01:35:27.959 AVAST engine scan C:\Windows\system32\drivers
01:36:15.946 AVAST engine scan C:\Users\Jeremy_2
02:01:21.344 AVAST engine scan C:\ProgramData
02:41:19.750 Scan finished successfully
02:42:37.185 Disk 0 MBR has been saved successfully to "C:\Users\Jeremy_2\Desktop\MBR.dat"
02:42:37.209 The log file has been saved successfully to "C:\Users\Jeremy_2\Desktop\aswMBR.txt"


Thanks for the help.

Hi Altiery, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.


Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.


Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg

Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

If a suspicious object is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

All i have is a folder with more folders in it, so i compressed it and added it. I hope that is what you were looking for, otherwise i did not find any other folders with tdsskiller name on it.

Hi Altiery,

That lloks like the TDSSKiller quarantined folder. I can't download it because my AV detects it so it would seem TDSSK did find something and removed it.

Before we carry on please have one more look for the log so we can see exactly what was removed. You are looking for a file not a folder. It should have been created at C:\. Depending on your settings you mght not be able to see the file extention.

Click on the Windows Explorer icon on the taskbar
When it opens click the Organize button
click folder and search options
click the View tab
uncheck hide extentions for known file types
click apply, click ok

The file name is TDSSKiller.[Version]_[Date]_[Time]_log.txt. Any luck?

Yeah i found it, i must have missed skiming trought the list. I had a third but it is 145 kb and cant compress it says that it is being used.

Hi Altiery,

That's a pretty big log not sure why it would be in use. Have you rebooted the computer since you ran TDSSK?

Yes, I never leave my computer over night.

Hi Altiery,


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Right click on ComboFix.exe, click Run as Administrator & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. If after running combofix you recieve an message "Illegal operation attempted on a registery key that has been marked for deletion" or similar reboot the computer.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks

Here is the combofix log.

Hi Altiery,

How's the computer?

This looks pretty good. Please rerun aswMBR and post the log.

Thanks

The computer is working great, thank you so much for your time.


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 14:31:08
-----------------------------
14:31:08.933 OS Version: Windows x64 6.1.7601 Service Pack 1
14:31:08.933 Number of processors: 4 586 0x2502
14:31:08.933 ComputerName: JEREMY-PC UserName: Jeremy_2
14:31:11.850 Initialize success
14:31:32.613 AVAST engine defs: 12102302
14:31:55.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:31:55.280 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 3
14:31:55.389 Disk 0 MBR read successfully
14:31:55.405 Disk 0 MBR scan
14:31:55.405 Disk 0 Windows VISTA default MBR code
14:31:55.436 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:31:55.483 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
14:31:55.514 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30800325
14:31:55.764 Disk 0 scanning C:\Windows\system32\drivers
14:32:38.291 Service scanning
14:33:13.032 Modules scanning
14:33:13.047 Disk 0 trace - called modules:
14:33:13.079 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:33:13.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800658d060]
14:33:13.110 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062d9050]
14:33:15.153 AVAST engine scan C:\Windows
14:33:23.811 AVAST engine scan C:\Windows\system32
14:38:59.665 AVAST engine scan C:\Windows\system32\drivers
14:39:25.672 AVAST engine scan C:\Users\Jeremy_2
14:54:50.187 AVAST engine scan C:\ProgramData
15:00:09.232 Scan finished successfully
15:06:04.571 Disk 0 MBR has been saved successfully to "C:\Users\Jeremy_2\Desktop\MBR.dat"
15:06:04.586 The log file has been saved successfully to "C:\Users\Jeremy_2\Desktop\aswMBR.txt"
15:06:24.372 Disk 0 MBR has been saved successfully to "C:\Users\Jeremy_2\Documents\MBR.dat"
15:06:24.387 The log file has been saved successfully to "C:\Users\Jeremy_2\Documents\aswMBR.txt"

Hi Altiery,

Looks good. A couple more scans to make sure we got everything and we can clean up.

You have some old java installed Click start > Control pane. Under programs click uninstall a program and uninstall

Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 31
Java(TM) 7 Update 5 (64-bit)

Do not uninstall Java 7 Update 9

You can get the newest 64BIT version from HERE (http://www.oracle.com/technetwork/java/javase/downloads/java-se-jre-7-download-432155.html) It's the last one in the list.


Accept the License Agreement
Download the last file in the list jre-7-windows-x64.exe
double click the files one at a time to install them
Decline any additional installs that may be offered during the update.



Next

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean





Next

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM


Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



One more scan to check our handiwork.

As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.


*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.


Please post back with
MBAM log
ESET log is there is one
Everything still ok?

The computer is working great.
heres the logs you wanted

Hi Altiery,

I do believe you are good to go. The ESET detections are files we have all ready quarantined and will be removed when we remove the tools.

We'll clean up the tools now.

From your desktop, please delete, if present
any notepads/logs that we created
aswMBR.exe
mbr.zip
mbr.dat
TDSSKiller
You can also delete this folder C:\TDSSKiller_Quarantine and these files TDSSKiller.2.8.13.0_21.10.2012_22.20.14_log.txt and TDSSKiller.2.8.13.0_21.10.2012_22.29.12_log.txt from C:\


Next

Click the Start button. Copy and paste the following line into the search box and click OK


Combofix /uninstall



Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.

You can keep TFC if you want to.



Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources. If you choose to use Foxit decline the FoxIt Toolbar that may be offered during the install.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.1.2 first. Be sure to move any PDF documents to another folder first though.



Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now.

You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

Please post back if you have any problems.

Take care