View Full Version : Can't fix host file
pack1977
2010-11-22, 00:59
After running scan, spy-bot can't fix host file
DDS Text:
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Cole at 18:35:24.83 on Tue 11/16/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2251 [GMT -6:00]
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Cole\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {DEECAA46-8166-4572-8A97-7616E2929FBE} = 166.181.127.17 166.181.191.17
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
IFEO: image file execution options - svchost.exe
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 secure-plus-payments.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\keshydxj.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-28 55280]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-6-28 18792]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys [2010-11-8 450096]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys [2010-11-8 821808]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-3 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101115.001\IDSviA64.sys [2010-10-19 476720]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys [2010-11-8 168496]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-11-8 381488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-29 202752]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-6-28 60928]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-11-8 126904]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-5-29 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-5-29 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-5-29 55808]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-28 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-28 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-5-29 23912]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-28 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-6-28 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-9 132656]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-29 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-29 151040]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-29 6952960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-29 239616]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-6 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-28 79360]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2010-6-28 41032]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-6-28 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-6-28 49480]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-6-28 79360]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-4 1255736]
=============== Created Last 30 ================
2010-11-16 21:47:13 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-13 20:56:50 -------- d-----w- C:\Users\Cole\AppData\Roaming\SUPERAntiSpyware.com
2010-11-13 20:56:50 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-11-13 20:56:47 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-11-13 20:56:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-11-12 21:50:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-12 21:50:16 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-12 21:49:13 -------- d-----w- C:\Users\Cole\AppData\Roaming\Malwarebytes
2010-11-12 21:48:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-12 21:48:20 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-12 21:48:19 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-12 21:48:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-09 18:17:40 -------- d-----w- C:\Users\Cole\AppData\Roaming\Registry Mechanic
2010-11-09 18:15:01 -------- d-----w- C:\Registry Mechanic
2010-11-09 17:45:46 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-09 17:45:46 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-09 17:45:45 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-09 17:45:45 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-09 17:45:36 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-11-09 17:45:36 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-09 17:44:57 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d28ef06f1cb80350e\DSETUP.dll
2010-11-09 17:44:57 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d28ef06f1cb80350e\DXSETUP.exe
2010-11-09 17:44:57 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d28ef06f1cb80350e\dsetup32.dll
2010-11-09 17:44:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d16b7acb1cb80350d\DSETUP.dll
2010-11-09 17:44:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d16b7acb1cb80350d\DXSETUP.exe
2010-11-09 17:44:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d16b7acb1cb80350d\dsetup32.dll
2010-11-09 17:44:28 -------- d-----w- C:\Users\Cole\AppData\Local\Windows Live
2010-11-08 23:47:02 -------- d-----w- C:\Users\Cole\AppData\Local\ElevatedDiagnostics
2010-11-08 23:43:57 -------- d-----w- C:\Users\Cole\AppData\Local\CrashDumps
2010-11-08 23:00:50 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2010-11-08 22:34:35 -------- d-----w- C:\Temp
2010-11-08 22:32:18 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-11-08 22:32:18 -------- d-----w- C:\Program Files\Symantec
2010-11-08 22:32:18 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-11-08 22:32:03 821808 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys
2010-11-08 22:32:03 715824 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\srtsp64.sys
2010-11-08 22:32:03 450096 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys
2010-11-08 22:32:03 40496 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\srtspx64.sys
2010-11-08 22:32:03 381488 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys
2010-11-08 22:32:03 168496 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys
2010-11-08 22:31:58 -------- d-----w- C:\Windows\System32\drivers\NISx64\1201000.025
2010-11-08 22:31:58 -------- d-----w- C:\Windows\System32\drivers\NISx64
2010-11-08 22:31:57 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2010-11-08 22:15:01 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2010-11-08 22:15:01 -------- d-----w- C:\PROGRA~3\NortonInstaller
2010-11-08 22:08:50 -------- d-----w- C:\PROGRA~3\Norton
2010-11-08 20:53:22 -------- d-sh--w- C:\Users\Cole\AppData\Roaming\Smart Engine
2010-11-08 20:52:11 -------- d-sh--w- C:\PROGRA~3\SMIDKZIYDLE
2010-11-08 20:51:46 -------- d-sh--w- C:\PROGRA~3\d2f0e5
2010-10-27 08:19:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 08:19:49 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 08:19:49 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 08:19:49 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 08:19:49 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 08:19:49 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 08:19:49 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 08:19:40 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-21 00:05:04 66520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
2010-10-21 00:05:04 25048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-10-21 00:05:04 140248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-10-20 23:20:38 -------- d-----w- C:\Program Files (x86)\Downloaded Installers
2010-10-20 02:28:37 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-10-20 02:22:16 -------- d-----w- C:\Users\Cole\AppData\Local\Mozilla
2010-10-20 02:18:49 -------- d-----w- C:\Users\Cole\AppData\Local\PowerDVD DX
2010-10-20 01:56:29 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-10-20 01:49:22 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-20 01:49:22 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-20 01:49:22 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-20 01:49:22 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-20 01:49:22 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-20 01:49:22 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-20 01:49:21 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-20 01:47:43 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2010-10-20 01:47:43 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2010-10-20 01:47:12 -------- d-----w- C:\Program Files (x86)\Feedback Tool
==================== Find3M ====================
2010-09-23 22:07:09 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-09-23 22:07:09 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-09-23 22:07:09 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-09-23 22:07:09 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
============= FINISH: 18:36:08.64 ===============
Will post Spy-Bot results in new thread
Spy-Bot Results:
--- Search result list ---
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100 (http://www.secure-plus-payments.com=74.125.45.100)
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100 (http://www.getavplusnow.com=74.125.45.100)
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100 (http://www.securesoftwarebill.com=74.125.45.100)
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100 (http://www.getantivirusplusnow.com=74.125.45.100)
Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100 (http://www.securesoftwarebill.com=74.125.45.100)
Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-04 Includes\Hijackers.sbi (*)
2010-11-03 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-11-09 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-11-02 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-11-09 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
You do have a bit going on, lets do this.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
pack1977
2010-11-27, 18:52
:funny:
OLT Text
OTL logfile created on: 11/27/2010 10:40:44 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cole\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 246.79 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Computer Name: COLE-PC | User Name: Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Cole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
========== Modules (SafeList) ==========
MOD - C:\Users\Cole\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101121.006\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101121.006\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101119.001\IDSviA64.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/10/19 20:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/30 14:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/11/08 16:32:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/11/08 16:31:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/08 16:31:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/20 18:05:04 | 000,000,000 | ---D | M]
[2010/10/19 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\Mozilla\Extensions
[2010/10/19 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\keshydxj.default\extensions
[2010/11/08 17:53:15 | 000,002,470 | ---- | M] () -- C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\keshydxj.default\searchplugins\safesearch.xml
[2010/10/20 18:05:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/11/08 17:43:31 | 000,002,095 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 173.232.149.92 www.google.com
O1 - Hosts: 173.232.149.92 google.com
O1 - Hosts: 173.232.149.92 google.com.au
O1 - Hosts: 173.232.149.92 www.google.com.au
O1 - Hosts: 173.232.149.92 google.be
O1 - Hosts: 173.232.149.92 www.google.be
O1 - Hosts: 173.232.149.92 google.com.br
O1 - Hosts: 173.232.149.92 www.google.com.br
O1 - Hosts: 173.232.149.92 google.ca
O1 - Hosts: 173.232.149.92 www.google.ca
O1 - Hosts: 173.232.149.92 google.ch
O1 - Hosts: 173.232.149.92 www.google.ch
O1 - Hosts: 38 more lines...
O2:64bit: - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/27 10:31:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cole\Desktop\OTL.exe
[2010/11/17 03:00:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/11/16 18:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/16 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/16 18:16:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cole\Desktop\erunt-setup.exe
[2010/11/16 16:21:09 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Cole\Desktop\TFC.exe
[2010/11/16 15:47:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/13 14:56:50 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/13 14:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/13 14:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/13 14:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/12 15:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/12 15:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/11/12 15:49:13 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Roaming\Malwarebytes
[2010/11/12 15:48:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/12 15:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/12 15:48:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/12 15:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/09 12:17:40 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Roaming\Registry Mechanic
[2010/11/09 12:15:01 | 000,000,000 | ---D | C] -- C:\Registry Mechanic
[2010/11/09 11:45:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/09 11:45:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/09 11:45:45 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/09 11:45:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 11:45:36 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/11/09 11:45:36 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/11/09 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Local\Windows Live
[2010/11/08 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Local\ElevatedDiagnostics
[2010/11/08 17:43:57 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Local\CrashDumps
[2010/11/08 17:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/11/08 16:34:35 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/08 16:33:13 | 000,000,000 | ---D | C] -- C:\Users\Cole\Documents\Symantec
[2010/11/08 16:32:18 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/11/08 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/11/08 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/11/08 16:32:03 | 000,821,808 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.sys
[2010/11/08 16:32:03 | 000,715,824 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.sys
[2010/11/08 16:32:03 | 000,450,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.sys
[2010/11/08 16:32:03 | 000,381,488 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnets.sys
[2010/11/08 16:32:03 | 000,168,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Ironx64.sys
[2010/11/08 16:32:03 | 000,040,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.sys
[2010/11/08 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/11/08 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1201000.025
[2010/11/08 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/11/08 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/11/08 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/11/08 16:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/11/08 14:53:22 | 000,000,000 | -HSD | C] -- C:\Users\Cole\AppData\Roaming\Smart Engine
[2010/11/08 14:52:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMIDKZIYDLE
[2010/11/08 14:51:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\d2f0e5
========== Files - Modified Within 30 Days ==========
[2010/11/27 10:44:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 10:44:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 10:41:42 | 001,261,906 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Cat.DB
[2010/11/27 10:39:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 10:31:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cole\Desktop\OTL.exe
[2010/11/27 10:29:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/27 10:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/16 18:34:03 | 000,001,106 | ---- | M] () -- C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/16 18:33:44 | 000,000,907 | ---- | M] () -- C:\Users\Cole\Desktop\ERUNT.lnk
[2010/11/16 18:17:34 | 000,630,272 | ---- | M] () -- C:\Users\Cole\Desktop\dds.scr
[2010/11/16 18:16:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cole\Desktop\erunt-setup.exe
[2010/11/16 17:58:49 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/16 17:58:49 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/16 17:58:49 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/16 16:22:57 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/16 15:57:03 | 000,000,837 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts.sam
[2010/11/13 14:56:47 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 15:50:20 | 000,001,284 | ---- | M] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/09 12:20:27 | 000,001,638 | ---- | M] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/11/09 12:20:26 | 000,001,612 | ---- | M] () -- C:\Users\Cole\Desktop\Smart Engine.lnk
[2010/11/08 18:34:52 | 000,001,980 | ---- | M] () -- C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-162008.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160222.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160221.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160220.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160219.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160218.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160217.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160216.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160215.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160214.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160209.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160111.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160110.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160109.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160108.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160104.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151737.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151736.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151735.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151734.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151733.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151732.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151724.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141842.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141841.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141840.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141839.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141837.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141827.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133523.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133522.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133521.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133520.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133519.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133517.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133512.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/08 17:36:34 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/08 16:34:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/08 16:32:18 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/11/08 16:32:18 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/11/08 16:32:18 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/11/08 16:32:13 | 000,002,563 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/11/08 16:08:56 | 000,001,286 | ---- | M] () -- C:\Users\Cole\Desktop\Norton Installation Files.lnk
[2010/11/08 09:22:41 | 000,016,568 | ---- | M] () -- C:\Users\Cole\Documents\The Lottery in Babylon.docx
[2010/11/01 07:42:32 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\LockDown Browser.lnk
========== Files Created - No Company Name ==========
[2010/11/16 18:34:03 | 000,001,106 | ---- | C] () -- C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/16 18:33:44 | 000,000,907 | ---- | C] () -- C:\Users\Cole\Desktop\ERUNT.lnk
[2010/11/16 18:17:34 | 000,630,272 | ---- | C] () -- C:\Users\Cole\Desktop\dds.scr
[2010/11/13 14:56:47 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 15:50:20 | 000,001,284 | ---- | C] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/09 11:41:28 | 000,001,612 | ---- | C] () -- C:\Users\Cole\Desktop\Smart Engine.lnk
[2010/11/08 17:36:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/08 16:34:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/08 16:32:21 | 001,261,906 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Cat.DB
[2010/11/08 16:32:18 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/11/08 16:32:18 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/11/08 16:32:13 | 000,002,563 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/11/08 16:31:58 | 000,007,414 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.cat
[2010/11/08 16:31:58 | 000,007,412 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.cat
[2010/11/08 16:31:58 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnet64.cat
[2010/11/08 16:31:58 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.cat
[2010/11/08 16:31:58 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.cat
[2010/11/08 16:31:58 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\iron.cat
[2010/11/08 16:31:58 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA.inf
[2010/11/08 16:31:58 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS.inf
[2010/11/08 16:31:58 | 000,001,445 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymNet.inf
[2010/11/08 16:31:58 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.inf
[2010/11/08 16:31:58 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.inf
[2010/11/08 16:31:58 | 000,000,771 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Iron.inf
[2010/11/08 16:31:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\isolate.ini
[2010/11/08 16:08:53 | 000,001,286 | ---- | C] () -- C:\Users\Cole\Desktop\Norton Installation Files.lnk
[2010/11/08 14:53:26 | 000,001,638 | ---- | C] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/11/08 09:22:41 | 000,016,568 | ---- | C] () -- C:\Users\Cole\Documents\The Lottery in Babylon.docx
[2010/06/28 15:02:01 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/06/28 15:02:01 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/06/28 15:02:01 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/06/28 15:01:46 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/06/28 15:01:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/11/08 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\FrostWire
[2010/08/02 21:42:49 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\GetRightToGo
[2010/11/09 12:17:40 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\Registry Mechanic
[2010/11/08 14:54:06 | 000,000,000 | -HSD | M] -- C:\Users\Cole\AppData\Roaming\Smart Engine
[2010/07/05 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\WildTangent
[2009/07/13 23:08:49 | 000,027,168 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C28667BE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
pack1977
2010-11-27, 18:54
Extras Txt
OTL Extras logfile created on: 11/27/2010 10:40:44 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cole\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 246.79 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Computer Name: COLE-PC | User Name: Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{28E3217E-CA53-4474-9F5B-BCE76E5FA4C4}_is1" = Monopoly 3
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/20/2010 8:22:24 PM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 10/21/2010 1:17:04 PM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 10/21/2010 1:17:04 PM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 10/22/2010 1:39:11 PM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 10/22/2010 1:39:11 PM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 10/26/2010 4:33:52 AM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 10/26/2010 4:35:41 AM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 10/26/2010 4:36:47 AM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.
Error - 10/29/2010 11:54:43 PM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 10/29/2010 11:54:43 PM | Computer Name = Cole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
[ Dell Events ]
Error - 10/4/2010 1:11:42 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2010 1:11:42 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 5:28:06 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 5:28:07 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 5:29:00 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 5:29:00 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 7:02:09 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 7:02:09 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 7:21:45 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/8/2010 7:21:45 PM | Computer Name = Cole-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
[ System Events ]
Error - 11/9/2010 2:25:17 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:25:31 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:25:31 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:25:31 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:26:57 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:26:57 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:26:57 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:27:37 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:27:37 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 11/9/2010 2:27:37 PM | Computer Name = Cole-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
< End of report >
Malware Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5103
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/27/2010 10:37:29 AM
mbam-log-2010-11-27 (10-37-29).txt
Scan type: Quick scan
Objects scanned: 142413
Time elapsed: 5 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hi,
Let me give you a heads up on these
FrostWire Toolbar
Ask Toolbar
File sharing sites like Frostwire are really unsafe, your downloading that file from an unknown source and not all but some contain malware. The malware writers are in tune with this and are using this method to infect you. You need to uninstall it via Programs and Features in the Control Panel
Ask,
You need to uninstall this one also
* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to user's browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-162008.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160222.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160221.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160220.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160219.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160218.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160217.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160216.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160215.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160214.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160209.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160111.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160110.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160109.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160108.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-160104.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151737.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151736.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151735.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151734.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151733.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151732.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-151724.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141842.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141841.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141840.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141839.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141837.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-141827.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133523.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133522.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133521.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133520.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133519.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133517.backup
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101113-133512.backup
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C28667BE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
pack1977
2010-11-28, 06:35
first log
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\Windows\SysNative\drivers\etc\hosts.20101116-160222.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160221.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160220.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160219.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160218.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160217.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160216.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160215.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160214.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160209.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160111.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160110.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160109.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160108.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101116-160104.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-151737.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-151736.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-151735.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-151734.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-151733.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-151732.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-151724.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-141842.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-141841.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-141840.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-141839.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-141837.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-141827.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-133523.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-133522.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-133521.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-133520.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-133519.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-133517.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101113-133512.backup moved successfully.
ADS C:\ProgramData\TEMP:C28667BE deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Cole
->Temp folder emptied: 133664 bytes
->Temporary Internet Files folder emptied: 50096916 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37037382 bytes
->Flash cache emptied: 133238 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 83.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.17.3 log created on 11272010_220756
Files\Folders moved on Reboot...
C:\Users\Cole\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Cole\AppData\Local\Temp\~DF1CDC268137A1DF36.TMP not found!
File\Folder C:\Users\Cole\AppData\Local\Temp\~DF3FE33A36F1FC94E7.TMP not found!
File\Folder C:\Users\Cole\AppData\Local\Temp\~DF49E070DC9109A097.TMP not found!
File\Folder C:\Users\Cole\AppData\Local\Temp\~DF69FAC41470D31128.TMP not found!
File\Folder C:\Users\Cole\AppData\Local\Temp\~DFAB7A73FCABB9D16D.TMP not found!
File\Folder C:\Users\Cole\AppData\Local\Temp\~DFC5E646588DE0CB49.TMP not found!
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZT06MD90\11[1].htm moved successfully.
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D6B4O6Q\ai[1].htm moved successfully.
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D6B4O6Q\facebook_com[1].htm moved successfully.
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D6B4O6Q\morestories[1].htm moved successfully.
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9D6B4O6Q\redirectiframe[1].html moved successfully.
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...
Log after 2nd Scan
OTL logfile created on: 11/27/2010 10:27:33 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cole\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 248.34 Gb Free Space | 87.63% Space Free | Partition Type: NTFS
Computer Name: COLE-PC | User Name: Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Cole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
========== Modules (SafeList) ==========
MOD - C:\Users\Cole\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101127.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101127.002\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101124.002\IDSviA64.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/30 14:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/11/08 16:32:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/11/08 16:31:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/08 16:31:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/20 18:05:04 | 000,000,000 | ---D | M]
[2010/10/19 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\Mozilla\Extensions
[2010/10/19 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\keshydxj.default\extensions
[2010/11/08 17:53:15 | 000,002,470 | ---- | M] () -- C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\keshydxj.default\searchplugins\safesearch.xml
[2010/10/20 18:05:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/11/27 22:09:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/27 22:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/11/27 22:07:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/27 10:31:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cole\Desktop\OTL.exe
[2010/11/17 03:00:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/11/16 18:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/16 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/16 16:21:09 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Cole\Desktop\TFC.exe
[2010/11/16 15:47:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/13 14:56:50 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/13 14:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/13 14:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/13 14:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/12 15:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/12 15:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/11/12 15:49:13 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Roaming\Malwarebytes
[2010/11/12 15:48:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/12 15:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/12 15:48:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/12 15:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/09 12:17:40 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Roaming\Registry Mechanic
[2010/11/09 12:15:01 | 000,000,000 | ---D | C] -- C:\Registry Mechanic
[2010/11/09 11:45:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/09 11:45:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/09 11:45:45 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/09 11:45:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 11:45:36 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/11/09 11:45:36 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/11/09 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Local\Windows Live
[2010/11/08 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Local\ElevatedDiagnostics
[2010/11/08 17:43:57 | 000,000,000 | ---D | C] -- C:\Users\Cole\AppData\Local\CrashDumps
[2010/11/08 17:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/11/08 16:34:35 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/08 16:33:13 | 000,000,000 | ---D | C] -- C:\Users\Cole\Documents\Symantec
[2010/11/08 16:32:18 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/11/08 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/11/08 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/11/08 16:32:03 | 000,821,808 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.sys
[2010/11/08 16:32:03 | 000,715,824 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.sys
[2010/11/08 16:32:03 | 000,450,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.sys
[2010/11/08 16:32:03 | 000,381,488 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnets.sys
[2010/11/08 16:32:03 | 000,168,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Ironx64.sys
[2010/11/08 16:32:03 | 000,040,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.sys
[2010/11/08 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/11/08 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1201000.025
[2010/11/08 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/11/08 16:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/11/08 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/11/08 16:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/11/08 14:53:22 | 000,000,000 | -HSD | C] -- C:\Users\Cole\AppData\Roaming\Smart Engine
[2010/11/08 14:52:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMIDKZIYDLE
[2010/11/08 14:51:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\d2f0e5
========== Files - Modified Within 30 Days ==========
[2010/11/27 22:28:52 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/27 22:28:52 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/27 22:28:52 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/27 22:27:01 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 22:27:01 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 22:24:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/27 22:24:36 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 22:16:26 | 001,263,184 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Cat.DB
[2010/11/27 22:09:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/11/27 10:31:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cole\Desktop\OTL.exe
[2010/11/16 18:34:03 | 000,001,106 | ---- | M] () -- C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/16 18:33:44 | 000,000,907 | ---- | M] () -- C:\Users\Cole\Desktop\ERUNT.lnk
[2010/11/16 18:17:34 | 000,630,272 | ---- | M] () -- C:\Users\Cole\Desktop\dds.scr
[2010/11/16 15:57:03 | 000,000,837 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts.sam
[2010/11/13 14:56:47 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 15:50:20 | 000,001,284 | ---- | M] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/09 12:20:27 | 000,001,638 | ---- | M] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/11/09 12:20:26 | 000,001,612 | ---- | M] () -- C:\Users\Cole\Desktop\Smart Engine.lnk
[2010/11/08 18:34:52 | 000,001,980 | ---- | M] () -- C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/11/08 17:43:31 | 000,002,095 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101116-162008.backup
[2010/11/08 17:36:34 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/08 16:34:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/08 16:32:18 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/11/08 16:32:18 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/11/08 16:32:18 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/11/08 16:32:13 | 000,002,563 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/11/08 16:08:56 | 000,001,286 | ---- | M] () -- C:\Users\Cole\Desktop\Norton Installation Files.lnk
[2010/11/08 09:22:41 | 000,016,568 | ---- | M] () -- C:\Users\Cole\Documents\The Lottery in Babylon.docx
[2010/11/01 07:42:32 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\LockDown Browser.lnk
========== Files Created - No Company Name ==========
[2010/11/16 18:34:03 | 000,001,106 | ---- | C] () -- C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/16 18:33:44 | 000,000,907 | ---- | C] () -- C:\Users\Cole\Desktop\ERUNT.lnk
[2010/11/16 18:17:34 | 000,630,272 | ---- | C] () -- C:\Users\Cole\Desktop\dds.scr
[2010/11/13 14:56:47 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 15:50:20 | 000,001,284 | ---- | C] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/09 11:41:28 | 000,001,612 | ---- | C] () -- C:\Users\Cole\Desktop\Smart Engine.lnk
[2010/11/08 17:36:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/08 16:34:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/08 16:32:21 | 001,263,184 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Cat.DB
[2010/11/08 16:32:18 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/11/08 16:32:18 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/11/08 16:32:13 | 000,002,563 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/11/08 16:31:58 | 000,007,414 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.cat
[2010/11/08 16:31:58 | 000,007,412 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA64.cat
[2010/11/08 16:31:58 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\symnet64.cat
[2010/11/08 16:31:58 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.cat
[2010/11/08 16:31:58 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS64.cat
[2010/11/08 16:31:58 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\iron.cat
[2010/11/08 16:31:58 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymEFA.inf
[2010/11/08 16:31:58 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymDS.inf
[2010/11/08 16:31:58 | 000,001,445 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\SymNet.inf
[2010/11/08 16:31:58 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtsp64.inf
[2010/11/08 16:31:58 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\srtspx64.inf
[2010/11/08 16:31:58 | 000,000,771 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\Iron.inf
[2010/11/08 16:31:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1201000.025\isolate.ini
[2010/11/08 16:08:53 | 000,001,286 | ---- | C] () -- C:\Users\Cole\Desktop\Norton Installation Files.lnk
[2010/11/08 14:53:26 | 000,001,638 | ---- | C] () -- C:\Users\Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/11/08 09:22:41 | 000,016,568 | ---- | C] () -- C:\Users\Cole\Documents\The Lottery in Babylon.docx
[2010/06/28 15:02:01 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/06/28 15:02:01 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/06/28 15:02:01 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/06/28 15:01:46 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/06/28 15:01:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
Looks good. Your Hosts file has been reset back to Microsoft defaults.
Run this free online virus scanner and post the log and let me know how things are running now
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
pack1977
2010-11-28, 18:13
The computer is running like a champ. I don't have a very good interent connection so the online scanner isn't working correctly. I really appreciate your help!!
Your very welcome. If in the next few days you feel you still have problems please post back and we can dig deeper. Just a reminder that this thread will be closed in about 5 days so if it is you can PM me to reopen it or start a new topic.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.