can't fix selected problems -- hosts error
cbthmpsn
2010-11-30, 10:33
Newbie here... all help is greatly appreciated. Apparently got some malware, and found out about Spybot and ran it. When I tried to fix the problems, I ran into the error about access denied to the hosts file. I've seen this error noted in other posts, and am trying to follow along as best I can. Here is my DDS report:
DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Thompson Family at 2:22:13.63 on Tue 11/30/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2371 [GMT -6:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\SysWOW64\hh.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Thompson Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VG6KCLZ4\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101102153634.dll
BHO: Diigo Toolbar Helper: {84053da7-03de-4fb6-80ae-202c04691d8a} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Diigo Toolbar: {09197ffb-c236-4153-b268-31051e4f3b6c} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Diigo Sidebar: {69523951-583f-418c-bde7-18efc9fd54b4} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\vdeck.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\THOMPS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {B952F2E0-5F9F-4898-89A8-4FB770625E09} - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: image file execution options - svchost.exe
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101102153634.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-9-7 529128]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-27 55280]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-9-7 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-7 283360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-27 203264]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-6-28 110312]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-7 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-7 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-7 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 149032]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-27 689472]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-9-7 62800]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-9-7 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-9-7 441328]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-27 215040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-2-27 1224704]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-7 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-30 1153368]
S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-9-7 94864]
S3 mr97310c;CIF Dual-Mode Camera;C:\Windows\System32\drivers\mr97310c.sys [2008-3-27 143872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-21 1255736]
=============== Created Last 30 ================
2010-11-30 07:33:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-30 07:33:50 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-30 06:27:40 -------- d-----w- C:\Windows\en
2010-11-30 06:22:35 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-11-30 06:22:23 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-11-30 06:22:21 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-30 06:22:21 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-30 06:22:21 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-30 06:22:21 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-30 06:21:33 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d49164b41cb90560d\InstallManager_WLE_WLE.exe
2010-11-30 06:21:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d2f7f7f31cb90560c\DSETUP.dll
2010-11-30 06:21:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d2f7f7f31cb90560c\DXSETUP.exe
2010-11-30 06:21:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d2f7f7f31cb90560c\dsetup32.dll
2010-11-30 06:21:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d19c6efb1cb90560b\DSETUP.dll
2010-11-30 06:21:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d19c6efb1cb90560b\DXSETUP.exe
2010-11-30 06:21:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d19c6efb1cb90560b\dsetup32.dll
2010-11-30 06:21:11 -------- d-----w- C:\Users\THOMPS~1\AppData\Local\Windows Live
2010-11-30 06:20:39 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-30 06:20:39 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-30 06:20:39 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-30 06:20:39 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-30 06:20:39 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-30 06:20:39 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-30 06:20:38 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-26 18:07:05 -------- d-sh--w- C:\Users\THOMPS~1\AppData\Roaming\Internet Security Suite
2010-11-26 18:07:05 -------- d-sh--w- C:\PROGRA~3\ISKWTCLXS
2010-11-26 18:06:17 -------- d-sh--w- C:\PROGRA~3\8f4c3b
2010-11-23 22:38:14 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 22:38:14 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-19 04:57:23 -------- d-----w- C:\Program Files (x86)\Diigo
2010-11-02 05:34:54 -------- d-----w- C:\Program Files (x86)\CleanUp!
==================== Find3M ====================
2010-11-29 23:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-14 03:28:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-14 03:28:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-14 03:28:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-14 03:28:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-14 03:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-14 03:28:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-14 03:28:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-14 03:28:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-14 03:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-09-23 06:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 06:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 20:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 20:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 10:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
============= FINISH: 2:22:45.90 ===============
Here are the Spybot results:
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-16 Includes\Hijackers.sbi (*)
2010-11-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-11-29 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-11-02 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-11-29 Includes\TrojansC-05.sbi (*)
2010-11-23 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Can anyone help sort this mess out for me? Thanks much....
I forgot to include the DDS attachment....
Hi,
Please download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
1. Right-click MBRCheck.exe and select Run as administrator to run it.
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.
---
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
cbthmpsn
2010-12-05, 04:30
Blade81,
Thank you for your assistance. Here is the MBRCheck log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 546
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 180):
0x03001000 \SystemRoot\system32\ntoskrnl.exe
0x035DD000 \SystemRoot\system32\hal.dll
0x00BB1000 \SystemRoot\system32\kdcom.dll
0x00C8C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C99000 \SystemRoot\system32\PSHED.dll
0x00CAD000 \SystemRoot\system32\CLFS.SYS
0x00D0B000 \SystemRoot\system32\CI.dll
0x00E74000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F18000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F27000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F7E000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F87000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F91000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FD1000 \SystemRoot\System32\drivers\partmgr.sys
0x00FE6000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DCB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DE5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C35000 \SystemRoot\system32\drivers\fltmgr.sys
0x010B1000 \SystemRoot\system32\drivers\fileinfo.sys
0x010C5000 \SystemRoot\system32\drivers\mfehidk.sys
0x01144000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01242000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01150000 \SystemRoot\System32\Drivers\msrpc.sys
0x013E5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01405000 \SystemRoot\system32\drivers\ndis.sys
0x014F7000 \SystemRoot\system32\drivers\NETIO.SYS
0x01557000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01582000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015CE000 \SystemRoot\System32\Drivers\spldr.sys
0x01073000 \SystemRoot\System32\drivers\rdyboost.sys
0x015D6000 \SystemRoot\System32\Drivers\mup.sys
0x015E8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011AE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0121B000 \SystemRoot\system32\DRIVERS\disk.sys
0x016F2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01758000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01782000 \SystemRoot\System32\Drivers\Null.SYS
0x0178B000 \SystemRoot\System32\Drivers\Beep.SYS
0x01792000 \SystemRoot\System32\drivers\vga.sys
0x017A0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017C5000 \SystemRoot\System32\drivers\watchdog.sys
0x017D5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x017DE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017E7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x017F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01600000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02A02000 \SystemRoot\System32\drivers\tcpip.sys
0x01611000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0165B000 \SystemRoot\system32\drivers\mfewfpk.sys
0x0169F000 \SystemRoot\system32\drivers\TDI.SYS
0x016AC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0389B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x038E0000 \SystemRoot\system32\drivers\afd.sys
0x0396A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03973000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03999000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x039AA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x039B9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x039D4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03800000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03851000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0385D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03868000 \SystemRoot\System32\drivers\discache.sys
0x03877000 \SystemRoot\System32\Drivers\dfsc.sys
0x039E8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x016CA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x011E8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03AF5000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0410B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03A46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03A6A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03AA3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03AB0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0423D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04293000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x042A4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x042B4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x042CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x042EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x042FA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04329000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04344000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04365000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0437F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0438E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0439D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0439F000 \SystemRoot\system32\DRIVERS\ks.sys
0x043E2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04C23000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04C7D000 \SystemRoot\System32\Drivers\NDProxy.SYS
Processes (total 83):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
432 csrss.exe
504 C:\Windows\System32\wininit.exe
516 csrss.exe
560 C:\Windows\System32\winlogon.exe
608 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\atiesrxx.exe
932 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\svchost.exe
680 C:\Program Files\Dell\DellDock\DockLogin.exe
788 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\atieclxx.exe
1160 C:\Windows\System32\spoolsv.exe
1228 C:\Windows\System32\svchost.exe
1364 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1388 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1408 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1452 C:\Windows\System32\svchost.exe
1484 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1552 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1644 C:\Windows\System32\rundll32.exe
1656 C:\Windows\SysWOW64\rundll32.exe
1768 C:\Windows\System32\dwm.exe
1816 C:\Windows\System32\taskhost.exe
1916 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1948 C:\Windows\explorer.exe
1512 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
1748 C:\Windows\System32\svchost.exe
1084 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2148 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2236 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2352 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2388 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2900 C:\Windows\System32\svchost.exe
1804 WUDFHost.exe
2676 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
3152 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
3172 C:\Windows\System32\conhost.exe
3672 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
3884 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
3908 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
3920 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3928 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3944 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
3952 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
3972 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3980 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
4092 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1296 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
3604 C:\Program Files\Dell\DellDock\DellDock.exe
4220 C:\Windows\System32\SearchIndexer.exe
4284 C:\Program Files\iPod\bin\iPodService.exe
4480 C:\Program Files\Windows Media Player\wmpnetwk.exe
4852 C:\Windows\System32\svchost.exe
4104 dllhost.exe
5828 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
4408 C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
208 C:\PROGRA~2\INTERN~1\iexplore.exe
4116 C:\PROGRA~2\INTERN~1\iexplore.exe
5920 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
2140 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
5400 C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
3840 C:\Program Files\McAfee.com\Agent\mcagent.exe
708 C:\Windows\System32\taskeng.exe
6124 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
824 C:\Windows\System32\SearchProtocolHost.exe
5600 C:\Windows\System32\audiodg.exe
5516 taskhost.exe
2524 C:\PROGRA~2\INTERN~1\iexplore.exe
5880 C:\Windows\System32\SearchFilterHost.exe
4756 WmiPrvSE.exe
328 C:\Windows\SysWOW64\wscript.exe
2228 C:\Users\Thompson Family\Desktop\MBRCheck.exe
5756 C:\Windows\System32\conhost.exe
4744 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
PhysicalDrive0 Model Number: ST3500418AS, Rev: CC45
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
Done!
Here are the OTL.txt results:
OTL logfile created on: 12/4/2010 7:56:09 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Thompson Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 379.35 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
Computer Name: BONUSROOM | User Name: Thompson Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Thompson Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
========== Modules (SafeList) ==========
MOD - C:\Users\Thompson Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) Logitech Webcam 120(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mr97310c) -- C:\Windows\SysNative\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/30 18:56:06 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/11/26 12:38:02 | 000,001,658 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 78.46.249.74 www.google.com
O1 - Hosts: 78.46.249.74 google.com
O1 - Hosts: 78.46.249.74 google.com.au
O1 - Hosts: 78.46.249.74 www.google.com.au
O1 - Hosts: 78.46.249.74 google.be
O1 - Hosts: 78.46.249.74 www.google.be
O1 - Hosts: 78.46.249.74 google.com.br
O1 - Hosts: 78.46.249.74 www.google.com.br
O1 - Hosts: 78.46.249.74 google.ca
O1 - Hosts: 78.46.249.74 www.google.ca
O1 - Hosts: 78.46.249.74 google.ch
O1 - Hosts: 78.46.249.74 www.google.ch
O1 - Hosts: 78.46.249.74 google.de
O1 - Hosts: 78.46.249.74 www.google.de
O1 - Hosts: 78.46.249.74 google.dk
O1 - Hosts: 78.46.249.74 www.google.dk
O1 - Hosts: 78.46.249.74 google.fr
O1 - Hosts: 31 more lines...
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101102153634.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101102153634.dll (McAfee, Inc.)
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll (Diigo inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Thompson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll (Diigo inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2097ed3c-cc6b-11df-bc18-a4badbeaa187}\Shell - "" = AutoRun
O33 - MountPoints2\{2097ed3c-cc6b-11df-bc18-a4badbeaa187}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{223984b5-b021-11df-ae6b-a4badbeaa187}\Shell - "" = AutoRun
O33 - MountPoints2\{223984b5-b021-11df-ae6b-a4badbeaa187}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/12/04 19:52:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Thompson Family\Desktop\OTL.exe
[2010/11/30 08:29:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/30 08:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/30 01:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/30 01:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/11/30 00:27:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/30 00:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/30 00:23:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/30 00:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/11/30 00:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/11/30 00:22:21 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/30 00:22:21 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/30 00:22:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/30 00:22:21 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/30 00:21:11 | 000,000,000 | ---D | C] -- C:\Users\Thompson Family\AppData\Local\Windows Live
[2010/11/30 00:20:39 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/11/30 00:20:39 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/11/30 00:20:39 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/11/30 00:20:39 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/11/30 00:20:39 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/11/30 00:20:39 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/11/30 00:20:38 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/11/26 12:07:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISKWTCLXS
[2010/11/26 12:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Thompson Family\AppData\Roaming\Internet Security Suite
[2010/11/26 12:06:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\8f4c3b
[2010/11/18 22:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diigo
[2010/11/08 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/08 20:59:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 20:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 20:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
========== Files - Modified Within 30 Days ==========
[2010/12/04 19:56:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/04 19:52:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson Family\Desktop\OTL.exe
[2010/12/04 19:49:28 | 000,080,384 | ---- | M] () -- C:\Users\Thompson Family\Desktop\MBRCheck.exe
[2010/12/04 19:45:38 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/04 19:45:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/02 20:51:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 20:51:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/30 08:28:52 | 000,000,907 | ---- | M] () -- C:\Users\Thompson Family\Desktop\ERUNT.lnk
[2010/11/30 01:33:54 | 000,001,284 | ---- | M] () -- C:\Users\Thompson Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/30 01:33:54 | 000,001,260 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Spybot - Search & Destroy.lnk
[2010/11/30 01:07:14 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/30 01:07:14 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/30 01:07:14 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/30 01:00:48 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/11/30 01:00:25 | 3019,202,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/28 08:25:38 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/11/26 13:59:30 | 000,084,451 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Nash.docx
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224132.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224131.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224130.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224129.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224127.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224126.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224123.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224118.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223246.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223244.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223242.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223241.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223240.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223239.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223238.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223226.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133400.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133359.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133358.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133357.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133356.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133355.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133353.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081133.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081132.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081131.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081130.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081126.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081124.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081120.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022839.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022838.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022837.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022836.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022835.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022829.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022054.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022053.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022052.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022051.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021334.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021333.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021332.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021331.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021330.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020433.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020302.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020301.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020300.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020258.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020253.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020031.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020030.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020029.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020028.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020027.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020026.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020025.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020019.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020007.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020006.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020005.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020004.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020002.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-015956.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/20 08:40:10 | 000,012,009 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Basketball quotes, stories.docx
[2010/11/19 00:30:59 | 000,030,458 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Slice and Stagger.docx
[2010/11/11 18:13:39 | 073,664,403 | ---- | M] () -- C:\Users\Thompson Family\Documents\AutoSave_Untitled.skp
[2010/11/08 21:39:56 | 000,011,539 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Shot Science Strength Program.docx
========== Files Created - No Company Name ==========
[2010/12/04 19:49:28 | 000,080,384 | ---- | C] () -- C:\Users\Thompson Family\Desktop\MBRCheck.exe
[2010/11/30 08:28:52 | 000,000,907 | ---- | C] () -- C:\Users\Thompson Family\Desktop\ERUNT.lnk
[2010/11/30 01:33:54 | 000,001,284 | ---- | C] () -- C:\Users\Thompson Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/30 01:33:54 | 000,001,260 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 13:59:29 | 000,084,451 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Nash.docx
[2010/11/19 00:25:47 | 000,012,009 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Basketball quotes, stories.docx
[2010/11/10 17:54:48 | 073,664,403 | ---- | C] () -- C:\Users\Thompson Family\Documents\AutoSave_Untitled.skp
[2010/11/08 21:39:56 | 000,011,539 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Shot Science Strength Program.docx
[2010/10/21 17:28:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/13 00:19:08 | 000,000,022 | ---- | C] () -- C:\Users\Thompson Family\AppData\Local\kodakpcd.ini
[2010/04/20 22:56:10 | 000,007,620 | ---- | C] () -- C:\Users\Thompson Family\AppData\Local\Resmon.ResmonCfg
[2010/03/05 01:03:29 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/03/05 00:58:14 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2010/03/05 00:58:14 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\epDPE.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
The Extras.txt is in the follow-up post....
Thanks!
cbthmpsn
2010-12-05, 04:31
Here is the Extras.txt:
OTL Extras logfile created on: 12/4/2010 7:56:09 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Thompson Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 379.35 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
Computer Name: BONUSROOM | User Name: Thompson Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6E2FA73-B2A7-8223-98EC-685E2E8F6CE0}" = ccc-utility64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A169B94-4AF2-AD4B-1265-E1074A347418}" = Catalyst Control Center Core Implementation
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F15BB9F-7E5E-A355-FA8E-C2164726E577}" = CCC Help Portuguese
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{277832E3-0A34-C91C-D344-2FED4C847397}" = CCC Help German
"{279355E6-EE94-A7A5-F6B5-2903748443AE}" = Catalyst Control Center Graphics Full New
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{290AC453-D1F4-F73B-F01C-0018BC10B62B}" = ccc-core-static
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39A3C9DD-457C-5BF1-4B2D-A76927264B26}" = CCC Help Dutch
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5AC4AE26-732F-40DE-CC6C-A4BFC2142BF8}" = CCC Help English
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{665B3CA4-DAB1-D27E-6727-0BEF6593E882}" = CCC Help Greek
"{674AD787-B463-ED3E-CCA8-4F49A9C1785D}" = Catalyst Control Center Localization All
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7009600B-85C8-5D83-1101-6446540F1897}" = Catalyst Control Center Graphics Previews Common
"{72F9F82C-0A0D-44a7-9FBD-3804D2EEA9ED}" = The Sims™ 2 Sampler - Create-A-Sim
"{7305AE01-CD11-18B5-DC5F-B1A2960935C3}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83BBF5E6-004F-1DBA-EC29-1033B675831B}" = CCC Help Thai
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8508FB72-89A3-41FD-DE33-9EEBFB298947}" = CCC Help Italian
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{97835E04-BA21-6878-768F-1B84EA2ADAC1}" = CCC Help Norwegian
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A192CA8A-5259-ECD5-1564-AB715B722432}" = CCC Help Japanese
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B31327DF-2B59-F072-8B44-79CDE915D75E}" = CCC Help Danish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B41423C9-C260-F8C8-39DD-541400ECF367}" = CCC Help French
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6CBE669-DDCA-DB7F-236D-18B20BEFF1B5}" = CCC Help Chinese Traditional
"{CA7D81F8-5661-3D97-F6B0-5E0993511A5D}" = CCC Help Finnish
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D069C7EF-001B-5378-9F71-F005DE42E255}" = Catalyst Control Center Graphics Light
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D2A7D7D8-1E27-8464-6666-44B6FB83B3FC}" = CCC Help Czech
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D86DE1ED-9BF1-6101-6D08-2D762B28D8C8}" = CCC Help Korean
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1A8F958-D748-63DD-F2D2-82BE71B0F905}" = CCC Help Hungarian
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E40A74A2-D821-2442-CCA3-75C54964D525}" = Catalyst Control Center Graphics Full Existing
"{E43ACD6B-0E7E-4F4C-0BA8-999FCB5FC5B9}" = CCC Help Chinese Standard
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E9684BDD-32A6-550C-6456-0A4209EB4F3A}" = CCC Help Russian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F05F2DB5-4300-C318-4560-08CD9E35F512}" = CCC Help Spanish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D038D6-6229-AA2E-A8D1-43EED2CBF0BD}" = CCC Help Swedish
"{F322850C-6CCB-FC54-D36D-0F4E1CC90CBF}" = Skins
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F527F14E-B80A-5BE7-DC85-8BF2D172067F}" = CCC Help Turkish
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF4F3E30-6638-6A16-2A68-139F6C613233}" = Catalyst Control Center Graphics Previews Vista
"{FFB07785-9FC3-334F-A54F-AC8D5B471EAE}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CleanUp!" = CleanUp!
"DiigoToolbar" = Diigo Toolbar for Internet Explorer
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSC" = McAfee SecurityCenter
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT085457" = Hunting Unlimited 2010
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/27/2010 2:32:31 AM | Computer Name = BonusRoom | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.
Error - 11/27/2010 10:53:10 AM | Computer Name = BonusRoom | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error - 11/27/2010 2:08:02 PM | Computer Name = BonusRoom | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error - 11/28/2010 5:01:59 AM | Computer Name = BonusRoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/28/2010 5:01:59 AM | Computer Name = BonusRoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1186
Error - 11/28/2010 5:01:59 AM | Computer Name = BonusRoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1186
Error - 11/28/2010 5:02:00 AM | Computer Name = BonusRoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/28/2010 5:02:00 AM | Computer Name = BonusRoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2387
Error - 11/28/2010 5:02:00 AM | Computer Name = BonusRoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2387
Error - 11/28/2010 5:02:02 AM | Computer Name = BonusRoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ Dell Events ]
Error - 11/8/2010 10:53:56 PM | Computer Name = BonusRoom | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
[ System Events ]
Error - 10/31/2010 6:19:08 PM | Computer Name = BonusRoom | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 11/8/2010 10:55:48 PM | Computer Name = BonusRoom | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 11/8/2010 10:55:58 PM | Computer Name = BonusRoom | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 11/8/2010 10:56:48 PM | Computer Name = BonusRoom | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 11/14/2010 12:16:07 AM | Computer Name = BonusRoom | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR4.
Error - 11/18/2010 9:11:01 AM | Computer Name = BonusRoom | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 11/26/2010 9:08:19 PM | Computer Name = BonusRoom | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 11/29/2010 1:46:41 AM | Computer Name = BonusRoom | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 11/29/2010 1:46:41 AM | Computer Name = BonusRoom | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 11/29/2010 1:47:01 AM | Computer Name = BonusRoom | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
< End of report >
Hi again,
Let's run OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
[2010/11/26 12:07:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISKWTCLXS
[2010/11/26 12:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Thompson Family\AppData\Roaming\Internet Security Suite
[2010/11/26 12:06:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\8f4c3b
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224132.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224131.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224130.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224129.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224127.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224126.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224123.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-224118.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223246.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223244.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223242.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223241.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223240.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223239.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223238.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-223226.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133400.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133359.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133358.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133357.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133356.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133355.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-133353.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081133.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081132.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081131.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081130.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081126.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081124.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-081120.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022839.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022838.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022837.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022836.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022835.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022829.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022054.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022053.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022052.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-022051.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021334.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021333.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021332.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021331.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-021330.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020433.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020302.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020301.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020300.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020258.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020253.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020031.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020030.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020029.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020028.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020027.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020026.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020025.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020019.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020007.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020006.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020005.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020004.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-020002.backup
[2010/11/26 12:38:02 | 000,001,658 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101130-015956.backup
:Commands
[createrestorepoint]
[resethosts]
[emptytemp]
Then click the Run Fix button at the top.
Let the program run unhindered; reboot when it is done.
Then post the result log.
Uninstall old Adobe Reader versions and get the latest one (9.4 + 9.4.1 update or Adobe Reader X if offered) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Uninstall this old Java:
Java(TM) 6 Update 17 (64-bit)
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish.
Post back its report & a fresh OTL.txt log.
cbthmpsn
2010-12-05, 21:56
I ran the OTL with the custom scan/fixes as requested. Here is the result log:
All processes killed
========== OTL ==========
C:\ProgramData\ISKWTCLXS folder moved successfully.
C:\Users\Thompson Family\AppData\Roaming\Internet Security Suite folder moved successfully.
C:\ProgramData\8f4c3b\Quarantine Items folder moved successfully.
C:\ProgramData\8f4c3b\ISSSys folder moved successfully.
C:\ProgramData\8f4c3b\BackUp folder moved successfully.
C:\ProgramData\8f4c3b folder moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224132.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224131.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224130.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224129.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224127.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224126.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224123.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-224118.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223246.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223244.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223242.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223241.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223240.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223239.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223238.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-223226.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-133400.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-133359.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-133358.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-133357.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-133356.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-133355.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-133353.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-081133.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-081132.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-081131.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-081130.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-081126.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-081124.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-081120.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022839.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022838.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022837.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022836.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022835.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022829.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022054.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022053.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022052.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-022051.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-021334.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-021333.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-021332.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-021331.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-021330.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020433.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020302.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020301.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020300.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020258.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020253.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020031.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020030.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020029.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020028.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020027.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020026.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020025.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020019.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020007.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020006.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020005.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020004.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-020002.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101130-015956.backup moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Thompson Family
->Temp folder emptied: 71766 bytes
->Temporary Internet Files folder emptied: 66455122 bytes
->Java cache emptied: 21659937 bytes
->Apple Safari cache emptied: 5192704 bytes
->Flash cache emptied: 3218003 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 730452 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 93.00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 12052010_113016
Files\Folders moved on Reboot...
C:\Users\Thompson Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
I uninstalled the old Adobe Reader version. I clicked on installing version 9.4 (not sure what the difference is between 9.4 and MUI 9.4), but it ended up offering version X anyway, which I installed.
I uninstalled the Java update as advised.
ESET took a long time to come up, but finally did. I didn't see an opportunity to capture a log, but the results showed no threats. I did take a screen image of the ESET finish screen, if you want that.
Finally, here is an updated OTL.txt log:
OTL logfile created on: 12/5/2010 1:46:15 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Thompson Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 382.52 Gb Free Space | 84.80% Space Free | Partition Type: NTFS
Computer Name: BONUSROOM | User Name: Thompson Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Thompson Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Users\Thompson Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) Logitech Webcam 120(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mr97310c) -- C:\Windows\SysNative\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/30 18:56:06 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/12/05 11:30:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101102153634.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101102153634.dll (McAfee, Inc.)
O2 - BHO: (Diigo Toolbar Helper) - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll (Diigo inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Diigo Toolbar) - {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll (Diigo inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Users\Thompson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Diigo - {B952F2E0-5F9F-4898-89A8-4FB770625E09} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.20.dll (Diigo inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2097ed3c-cc6b-11df-bc18-a4badbeaa187}\Shell - "" = AutoRun
O33 - MountPoints2\{2097ed3c-cc6b-11df-bc18-a4badbeaa187}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{223984b5-b021-11df-ae6b-a4badbeaa187}\Shell - "" = AutoRun
O33 - MountPoints2\{223984b5-b021-11df-ae6b-a4badbeaa187}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/12/05 12:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/12/05 11:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/12/05 11:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/12/05 11:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/12/05 11:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/12/05 11:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/12/05 11:30:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/04 19:52:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Thompson Family\Desktop\OTL.exe
[2010/11/30 08:29:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/30 08:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/11/30 01:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/30 01:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/11/30 00:27:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/30 00:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/30 00:23:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/30 00:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/11/30 00:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/11/30 00:22:21 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/30 00:22:21 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/30 00:22:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/30 00:22:21 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/30 00:21:11 | 000,000,000 | ---D | C] -- C:\Users\Thompson Family\AppData\Local\Windows Live
[2010/11/30 00:20:39 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/11/30 00:20:39 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/11/30 00:20:39 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/11/30 00:20:39 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/11/30 00:20:39 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/11/30 00:20:39 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/11/30 00:20:38 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/11/18 22:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diigo
[2010/11/08 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/08 20:59:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 20:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 20:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
========== Files - Modified Within 30 Days ==========
[2010/12/05 13:44:37 | 000,260,317 | ---- | M] () -- C:\Users\Thompson Family\Desktop\eset scan results 12-05-10.docx
[2010/12/05 13:32:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/05 11:56:37 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/05 11:40:22 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 11:40:22 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 11:37:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/05 11:37:32 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/05 11:37:32 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/05 11:33:17 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/12/05 11:33:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/05 11:33:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/05 11:32:58 | 3019,202,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/05 11:30:34 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/12/04 19:52:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Thompson Family\Desktop\OTL.exe
[2010/12/04 19:49:28 | 000,080,384 | ---- | M] () -- C:\Users\Thompson Family\Desktop\MBRCheck.exe
[2010/11/30 08:28:52 | 000,000,907 | ---- | M] () -- C:\Users\Thompson Family\Desktop\ERUNT.lnk
[2010/11/30 01:33:54 | 000,001,284 | ---- | M] () -- C:\Users\Thompson Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/30 01:33:54 | 000,001,260 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Spybot - Search & Destroy.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/28 08:25:38 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/11/26 13:59:30 | 000,084,451 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Nash.docx
[2010/11/20 08:40:10 | 000,012,009 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Basketball quotes, stories.docx
[2010/11/19 00:30:59 | 000,030,458 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Slice and Stagger.docx
[2010/11/11 18:13:39 | 073,664,403 | ---- | M] () -- C:\Users\Thompson Family\Documents\AutoSave_Untitled.skp
[2010/11/08 21:39:56 | 000,011,539 | ---- | M] () -- C:\Users\Thompson Family\Desktop\Shot Science Strength Program.docx
========== Files Created - No Company Name ==========
[2010/12/05 13:44:36 | 000,260,317 | ---- | C] () -- C:\Users\Thompson Family\Desktop\eset scan results 12-05-10.docx
[2010/12/05 11:56:37 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/04 19:49:28 | 000,080,384 | ---- | C] () -- C:\Users\Thompson Family\Desktop\MBRCheck.exe
[2010/11/30 08:28:52 | 000,000,907 | ---- | C] () -- C:\Users\Thompson Family\Desktop\ERUNT.lnk
[2010/11/30 01:33:54 | 000,001,284 | ---- | C] () -- C:\Users\Thompson Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/30 01:33:54 | 000,001,260 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 13:59:29 | 000,084,451 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Nash.docx
[2010/11/19 00:25:47 | 000,012,009 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Basketball quotes, stories.docx
[2010/11/10 17:54:48 | 073,664,403 | ---- | C] () -- C:\Users\Thompson Family\Documents\AutoSave_Untitled.skp
[2010/11/08 21:39:56 | 000,011,539 | ---- | C] () -- C:\Users\Thompson Family\Desktop\Shot Science Strength Program.docx
[2010/10/21 17:28:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/13 00:19:08 | 000,000,022 | ---- | C] () -- C:\Users\Thompson Family\AppData\Local\kodakpcd.ini
[2010/04/20 22:56:10 | 000,007,620 | ---- | C] () -- C:\Users\Thompson Family\AppData\Local\Resmon.ResmonCfg
[2010/03/05 01:03:29 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/03/05 00:58:14 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2010/03/05 00:58:14 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\epDPE.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
Thanks, as always, for your assistance!!
Looks pretty good :)
Please run Spybot and let me know if it finds anything.
cbthmpsn
2010-12-06, 00:14
Spybot found no threats!! You guys are amazing....
Many thanks for the assistance. I am not sure how this got on our system, but do you have any suggestions for software to avoid a repeat? As I am sure you saw, I have McAfee on this (came with the computer) and also use MalwareBytes. What do you recommend for anti-virus?
Thanks again.....
You're welcome :)
What do you recommend for anti-virus?
Up-to-date McAfee is ok.
Other commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)
Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html) and
AVG Free Antivirus (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
A. To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C. Turn ON System Restore.
Follow the same steps you used to disable System Restore, but at step 7 select the "Restore system settings and previous versions of files" option.
Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen)
Click Run
In the dialog box, type services.msc and hit Enter, then locate DNS Client
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
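The hosts-file blocking described in the final reply works by mapping unwanted hostnames to a loopback or null address. As an added example (not part of the original thread; the sample file contents and the function name `audit_hosts` are constructed for illustration), this Python script parses hosts-file text and separates block entries from entries that point a name at a remote address, which are the ones worth reviewing after a cleanup:

```python
import ipaddress

# Constructed sample hosts file; none of these entries come from the thread.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net tracker.example.net   # block entries
0.0.0.0         banner.example.org
203.0.113.10    update.example.com    # name pointed at a remote address
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Classify every hostname found in hosts-file text.

    Returns a dict with four lists:
      local      - localhost names mapped to a loopback address
      blocked    - names mapped to loopback or 0.0.0.0 / :: (block entries)
      redirected - (line number, name, address) for names mapped elsewhere
      invalid    - (line number, raw line) for lines that do not parse
    """
    result = {"local": [], "blocked": [], "redirected": [], "invalid": []}
    text = text.lstrip("\ufeff")  # tolerate a byte-order mark from Windows editors
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            result["invalid"].append((lineno, raw.strip()))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["invalid"].append((lineno, raw.strip()))
            continue
        is_sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:  # one line may list several names
            name = name.lower()
            if name == "localhost" and addr.is_loopback:
                result["local"].append(name)
            elif is_sink:
                result["blocked"].append(name)
            else:
                result["redirected"].append((lineno, name, str(addr)))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("block entries:", len(report["blocked"]))
    for lineno, name, addr in report["redirected"]:
        print(f"review line {lineno}: {name} -> {addr}")
    for lineno, raw in report["invalid"]:
        print(f"unparseable line {lineno}: {raw}")
```

To check a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to `audit_hosts`; a large blocklist such as the one linked in the post should produce only `blocked` entries.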