Fraud.WindowsProtectionSuite



Steinhiser
2010-12-31, 04:52
--- Search result list ---
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100




DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Owner at 20:32:16.21 on Thu 12/30/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3007.1698 [GMT -6:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds (1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.igoogle.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAA0ADYAMgA0ADQANwAxADAALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.872
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Users\Owner\Desktop\ERUNT\AUTOBACK.EXE
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
IFEO: image file execution options - svchost.exe
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-30 1153368]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-11-23 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-12-11 35840]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2007-12-26 340992]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 12872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]

=============== Created Last 30 ================

2010-12-31 02:04:38 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{A32CA634-45B3-419E-AE6D-88903B39F5C5}\mpengine.dll
2010-12-30 23:55:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-30 23:09:18 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-30 21:03:14 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f86ea8401cba86419\InstallManager_WLE_WLE.exe
2010-12-30 21:03:02 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f220903e1cba8640e\MeshBetaRemover.exe
2010-12-30 21:02:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9539541cba86406\DSETUP.dll
2010-12-30 21:02:50 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9539541cba86406\DXSETUP.exe
2010-12-30 21:02:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9539541cba86406\dsetup32.dll
2010-12-30 21:02:48 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9450dc21cba86405\DSETUP.dll
2010-12-30 21:02:48 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9450dc21cba86405\DXSETUP.exe
2010-12-30 21:02:48 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e9450dc21cba86405\dsetup32.dll
2010-12-28 21:32:33 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-27 19:21:15 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live
2010-12-27 19:21:03 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-12-27 19:21:03 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-12-27 19:21:03 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-12-27 19:21:03 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-12-27 19:21:02 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-12-27 19:21:02 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-12-27 19:21:01 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-12-27 19:20:49 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-12-27 19:13:08 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2010-12-27 19:12:04 758272 ----a-w- C:\Windows\System32\cohelper.dll
2010-12-27 19:12:03 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-12-27 16:55:02 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-12-27 16:55:00 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-12-27 16:45:31 6231376 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-12-27 16:45:29 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B5D802BF-E165-4A72-ACC6-AA059739A7E0}\mpengine.dll
2010-12-27 16:35:06 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2010-12-27 16:35:06 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2010-12-27 16:35:05 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2010-12-27 16:35:05 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2010-12-27 16:04:03 -------- d-----w- C:\Program Files\CCleaner
2010-12-27 04:29:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\GetRightToGo
2010-12-26 23:48:36 -------- d-sh--w- C:\PROGRA~3\PIMICDS
2010-12-26 23:47:40 -------- d-sh--w- C:\PROGRA~3\440aab
2010-12-25 16:02:17 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2010-12-25 16:02:12 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-12-25 16:02:12 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-12-25 16:02:12 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-12-17 09:01:41 -------- d-----w- C:\2db16a8ff5834a0631d0af724679
2010-12-11 18:42:17 35840 ----a-r- C:\Windows\System32\drivers\BVRPMPR5a64.SYS
2010-12-11 18:42:00 -------- d-----w- C:\Netgear

==================== Find3M ====================

2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 20:51:33 270720 ----a-w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-07 18:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
2010-10-07 18:36:16 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2010-10-07 18:36:16 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2010-10-07 18:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-10-07 18:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-10-07 18:23:02 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2010-10-07 18:23:02 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2010-10-07 18:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 20:32:31.28 ===============

ken545
2011-01-04, 00:50
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.




Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please







OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Steinhiser
2011-01-06, 04:17
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5466

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/5/2011 8:16:18 PM
mbam-log-2011-01-05 (20-16-18).txt

Scan type: Quick scan
Objects scanned: 165169
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Steinhiser
2011-01-06, 04:25
OTL logfile created on: 1/5/2011 8:22:15 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 661.77 Gb Free Space | 94.74% Space Free | Partition Type: NTFS
Drive D: | 189.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\wg111v2.sys (NETGEAR Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 9B 48 FA DE 75 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074



O1 HOSTS File: ([2010/12/26 18:19:45 | 000,002,686 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 64.27.9.110 www.google.com
O1 - Hosts: 64.27.9.110 google.com
O1 - Hosts: 64.27.9.110 google.com.au
O1 - Hosts: 64.27.9.110 www.google.com.au
O1 - Hosts: 64.27.9.110 google.be
O1 - Hosts: 64.27.9.110 www.google.be
O1 - Hosts: 64.27.9.110 google.com.br
O1 - Hosts: 64.27.9.110 www.google.com.br
O1 - Hosts: 64.27.9.110 google.ca
O1 - Hosts: 64.27.9.110 www.google.ca
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Users\Owner\Desktop\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 18:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/15 03:17:00 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ce80c425-e1cf-11de-bd7b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce80c425-e1cf-11de-bd7b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008/02/21 18:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{d97be665-e2c3-11de-84ca-002421dbeeb7}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 20:20:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/05 20:10:59 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Owner\Desktop\ATF-Cleaner.exe
[2010/12/30 20:56:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/12/30 20:56:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live Writer
[2010/12/30 18:46:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/30 18:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2010/12/30 18:46:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ERUNT
[2010/12/30 17:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/30 17:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/30 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/30 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/12/27 13:21:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
[2010/12/27 13:21:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/12/27 13:21:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/12/27 13:21:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/12/27 13:21:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/12/27 13:21:02 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/12/27 13:21:02 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/12/27 13:21:01 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/12/27 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/12/27 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/12/27 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/12/27 13:12:04 | 000,758,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\cohelper.dll
[2010/12/27 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/12/27 10:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/12/27 10:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/12/27 10:35:06 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2010/12/27 10:35:06 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2010/12/27 10:35:05 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2010/12/27 10:35:05 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2010/12/27 10:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010/12/27 10:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/26 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Downloads
[2010/12/26 22:29:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2010/12/26 20:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/26 17:48:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIMICDS
[2010/12/26 17:47:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\440aab
[2010/12/26 10:49:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Libraries
[2010/12/25 10:02:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/12/25 10:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/25 10:02:12 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/12/25 10:02:12 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/12/25 10:02:12 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/12/25 10:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/12/25 10:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/12/25 10:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/25 10:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/12/25 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/12/25 10:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/12/25 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/25 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/12/25 10:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/12/25 10:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/12/21 21:41:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\U3
[2010/12/17 03:01:41 | 000,000,000 | ---D | C] -- C:\2db16a8ff5834a0631d0af724679
[2010/12/16 11:39:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/16 11:39:47 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/16 11:39:47 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/16 11:39:47 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/16 11:39:47 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/16 11:39:47 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/16 11:39:47 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010/12/16 11:39:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/16 11:39:45 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/16 11:39:45 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/16 11:39:45 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/16 11:39:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/16 11:39:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010/12/16 11:39:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/16 11:39:40 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/16 11:39:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/16 11:39:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/16 11:39:35 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/16 11:39:35 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/16 11:39:35 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/16 11:39:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/16 11:39:35 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/16 11:39:34 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/16 11:39:34 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/16 11:39:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/16 11:39:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/16 11:39:34 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/16 11:39:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/16 11:39:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/11 12:42:17 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2010/12/11 12:42:00 | 000,000,000 | ---D | C] -- C:\Netgear

========== Files - Modified Within 30 Days ==========

[2011/01/05 20:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/05 20:20:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2632459977-2929553935-280773445-1001Core.job
[2011/01/05 20:10:59 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Owner\Desktop\ATF-Cleaner.exe
[2011/01/05 20:08:46 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2632459977-2929553935-280773445-1001UA.job
[2011/01/05 20:08:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/04 19:00:26 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/04 19:00:26 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/04 18:57:28 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/04 18:57:28 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/04 18:57:28 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/04 18:53:07 | 2365,087,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/04 08:49:28 | 000,428,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/03 20:58:43 | 000,004,170 | ---- | M] () -- C:\Users\Owner\Desktop\Attach (2).zip
[2011/01/02 20:54:47 | 000,013,732 | ---- | M] () -- C:\Users\Owner\Documents\Dwayne Scherb & Tina Young.docx
[2010/12/30 18:46:13 | 000,000,760 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/30 18:46:04 | 000,000,543 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/12/30 17:56:13 | 000,001,282 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/30 17:56:13 | 000,001,258 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/27 13:18:04 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/27 10:55:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/27 10:04:04 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202737.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202736.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202735.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202734.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202733.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202732.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202731.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202730.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202729.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182619.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182618.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182617.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182616.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182615.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182614.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182255.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182254.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182253.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182252.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182251.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182248.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175434.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175433.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175432.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175431.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175430.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175429.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175428.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175426.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172753.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172752.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172751.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172750.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172749.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172747.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/12/26 10:48:58 | 000,027,648 | ---- | M] () -- C:\Users\Owner\Desktop\Moodle instructions.doc
[2010/12/26 10:48:45 | 000,108,544 | ---- | M] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo.doc
[2010/12/26 10:48:45 | 000,108,544 | ---- | M] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo - Copy.doc
[2010/12/26 10:48:33 | 000,041,472 | ---- | M] () -- C:\Users\Owner\Desktop\Memo of Understanding charter grant 2010-2011.doc
[2010/12/25 10:02:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/25 10:01:28 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/11 12:55:27 | 000,005,887 | ---- | M] () -- C:\Users\Owner\Desktop\Router_Setup.html

========== Files Created - No Company Name ==========

[2011/01/03 20:58:43 | 000,004,170 | ---- | C] () -- C:\Users\Owner\Desktop\Attach (2).zip
[2011/01/02 20:54:16 | 000,013,732 | ---- | C] () -- C:\Users\Owner\Documents\Dwayne Scherb & Tina Young.docx
[2010/12/30 18:46:13 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/30 18:46:04 | 000,000,543 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/12/30 17:56:13 | 000,001,282 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/30 17:56:13 | 000,001,258 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/27 13:17:46 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/27 10:55:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/27 10:04:04 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/26 10:49:49 | 000,108,544 | ---- | C] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo - Copy.doc
[2010/12/26 10:48:58 | 000,027,648 | ---- | C] () -- C:\Users\Owner\Desktop\Moodle instructions.doc
[2010/12/26 10:48:44 | 000,108,544 | ---- | C] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo.doc
[2010/12/26 10:48:32 | 000,041,472 | ---- | C] () -- C:\Users\Owner\Desktop\Memo of Understanding charter grant 2010-2011.doc
[2010/12/25 10:02:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/25 10:01:28 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/11 12:55:27 | 000,000,172 | R--- | C] () -- C:\Users\Owner\Desktop\Router Login.url
[2010/12/11 12:55:24 | 000,005,887 | ---- | C] () -- C:\Users\Owner\Desktop\Router_Setup.html
[2010/07/16 15:24:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/05 13:03:03 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/14 14:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== LOP Check ==========

[2010/12/26 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/12/05 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/01/04 09:07:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/06/15 14:46:07 | 000,019,922 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 820 bytes -> C:\Users\Owner\Desktop\Steinhiser Personal Taxes 2009.eml:OECustomProperty
@Alternate Data Stream - 160 bytes -> C:\Users\Owner\Desktop\herpderp.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Owner\Desktop\Affidavit of Compliance.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Steinhiser
2011-01-06, 04:26
OTL Extras logfile created on: 1/5/2011 8:22:15 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 661.77 Gb Free Space | 94.74% Space Free | Partition Type: NTFS
Drive D: | 189.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91175441-4E5D-4e13-B116-828FD352CDB2}" = Canon MP170
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7E8FF4A8-10EE-4C95-83B2-73856BFE1033}" = Nero 8 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PROR" = Microsoft Office Professional 2007
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ken545
2011-01-06, 11:26
Good Morning,

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202737.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202736.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202735.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202734.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202733.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202732.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202731.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202730.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-202729.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182619.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182618.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182617.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182616.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182615.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182614.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182255.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182254.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182253.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182252.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182251.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-182248.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175434.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175433.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175432.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175431.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175430.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175429.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175428.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-175426.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172753.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172752.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172751.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172750.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172749.backup
[2010/12/26 18:19:45 | 000,002,686 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101230-172747.backup

:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Steinhiser
2011-01-09, 06:34
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Windows\SysNative\drivers\etc\hosts.20101230-202737.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202736.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202735.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202734.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202733.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202732.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202731.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202730.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-202729.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182619.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182618.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182617.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182616.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182615.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182614.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182255.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182254.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182253.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182252.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182251.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-182248.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175434.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175433.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175432.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175431.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175430.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175429.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175428.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-175426.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-172753.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-172752.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-172751.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-172750.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-172749.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101230-172747.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 289963 bytes
->Temporary Internet Files folder emptied: 42305739 bytes
->Java cache emptied: 40781457 bytes
->Google Chrome cache emptied: 8592377 bytes
->Flash cache emptied: 4953 bytes

User: Public

User: Steinhiser
->Temp folder emptied: 36020 bytes
->Temporary Internet Files folder emptied: 1023301 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19088 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 89.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.1 log created on 01082011_222927

Files\Folders moved on Reboot...
File\Folder C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF1886FBF011736556.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF1FB96307C7FF56ED.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF39F373813B2B7CEB.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF46CA126C3AD15539.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF6F460FC236AC70C4.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF9D9D05EA46170C69.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFAF75F0743AE5B2C7.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFC6981F99BEE28154.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFCFD3E6BAA3A3A929.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFD1ABE2FF4D95DEA6.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFD589A97465E5C3DD.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFE4B849B7FFA5E95E.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFE504D7677FF1966F.TMP not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFF80871AFE21414CE.TMP not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JT4OL0I8\showthread[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4Q2CBHHY\forumdisplay[2].htm moved successfully.

Registry entries deleted on Reboot...

Steinhiser
2011-01-09, 06:37
OTL logfile created on: 1/8/2011 10:35:13 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 662.45 Gb Free Space | 94.83% Space Free | Partition Type: NTFS
Drive D: | 189.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\wg111v2.sys (NETGEAR Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 9B 48 FA DE 75 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/08 22:31:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Users\Owner\Desktop\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 18:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/15 03:17:00 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ce80c425-e1cf-11de-bd7b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce80c425-e1cf-11de-bd7b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008/02/21 18:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{d97be665-e2c3-11de-84ca-002421dbeeb7}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 22:29:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/07 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
[2011/01/05 20:20:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/05 20:10:59 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Owner\Desktop\ATF-Cleaner.exe
[2010/12/30 20:56:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/12/30 20:56:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live Writer
[2010/12/30 18:46:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/30 18:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2010/12/30 18:46:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ERUNT
[2010/12/30 17:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/30 17:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/30 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/30 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/12/27 13:21:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
[2010/12/27 13:21:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/12/27 13:21:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/12/27 13:21:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/12/27 13:21:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/12/27 13:21:02 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/12/27 13:21:02 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/12/27 13:21:01 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/12/27 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/12/27 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/12/27 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/12/27 13:12:04 | 000,758,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\cohelper.dll
[2010/12/27 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/12/27 10:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/12/27 10:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/12/27 10:35:06 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2010/12/27 10:35:06 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2010/12/27 10:35:05 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2010/12/27 10:35:05 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2010/12/27 10:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010/12/27 10:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/26 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Downloads
[2010/12/26 22:29:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2010/12/26 20:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/26 17:48:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIMICDS
[2010/12/26 17:47:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\440aab
[2010/12/26 10:49:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Libraries
[2010/12/25 10:02:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/12/25 10:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/25 10:02:12 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/12/25 10:02:12 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/12/25 10:02:12 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/12/25 10:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/25 10:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/12/25 10:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/12/25 10:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/25 10:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/12/25 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/12/25 10:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/12/25 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/25 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/12/25 10:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/12/25 10:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/12/21 21:41:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\U3
[2010/12/17 03:01:41 | 000,000,000 | ---D | C] -- C:\2db16a8ff5834a0631d0af724679
[2010/12/16 11:39:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/16 11:39:47 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/16 11:39:47 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/16 11:39:47 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/16 11:39:47 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/16 11:39:47 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/16 11:39:47 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010/12/16 11:39:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/16 11:39:45 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/16 11:39:45 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/16 11:39:45 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/16 11:39:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/16 11:39:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010/12/16 11:39:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/16 11:39:40 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/16 11:39:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/16 11:39:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/16 11:39:35 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/16 11:39:35 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/16 11:39:35 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/16 11:39:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/16 11:39:35 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/16 11:39:34 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/16 11:39:34 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/16 11:39:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/16 11:39:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/16 11:39:34 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/16 11:39:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/16 11:39:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/11 12:42:17 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2010/12/11 12:42:00 | 000,000,000 | ---D | C] -- C:\Netgear

========== Files - Modified Within 30 Days ==========

[2011/01/08 22:32:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/08 22:31:49 | 2365,087,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/08 22:31:00 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/08 22:21:50 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2632459977-2929553935-280773445-1001UA.job
[2011/01/08 22:21:50 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2632459977-2929553935-280773445-1001Core.job
[2011/01/05 20:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/05 20:10:59 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Owner\Desktop\ATF-Cleaner.exe
[2011/01/04 19:00:26 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/04 19:00:26 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/04 18:57:28 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/04 18:57:28 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/04 18:57:28 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/04 08:49:28 | 000,428,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/03 20:58:43 | 000,004,170 | ---- | M] () -- C:\Users\Owner\Desktop\Attach (2).zip
[2011/01/02 20:54:47 | 000,013,732 | ---- | M] () -- C:\Users\Owner\Documents\Dwayne Scherb & Tina Young.docx
[2010/12/30 18:46:13 | 000,000,760 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/30 18:46:04 | 000,000,543 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/12/30 17:56:13 | 000,001,282 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/30 17:56:13 | 000,001,258 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/27 13:18:04 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/27 10:55:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/27 10:04:04 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/26 10:48:58 | 000,027,648 | ---- | M] () -- C:\Users\Owner\Desktop\Moodle instructions.doc
[2010/12/26 10:48:45 | 000,108,544 | ---- | M] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo.doc
[2010/12/26 10:48:45 | 000,108,544 | ---- | M] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo - Copy.doc
[2010/12/26 10:48:33 | 000,041,472 | ---- | M] () -- C:\Users\Owner\Desktop\Memo of Understanding charter grant 2010-2011.doc
[2010/12/25 10:02:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/25 10:01:28 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/11 12:55:27 | 000,005,887 | ---- | M] () -- C:\Users\Owner\Desktop\Router_Setup.html

========== Files Created - No Company Name ==========

[2011/01/03 20:58:43 | 000,004,170 | ---- | C] () -- C:\Users\Owner\Desktop\Attach (2).zip
[2011/01/02 20:54:16 | 000,013,732 | ---- | C] () -- C:\Users\Owner\Documents\Dwayne Scherb & Tina Young.docx
[2010/12/30 18:46:13 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/30 18:46:04 | 000,000,543 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2010/12/30 17:56:13 | 000,001,282 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/30 17:56:13 | 000,001,258 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/27 13:17:46 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/27 10:55:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/27 10:04:04 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/26 10:49:49 | 000,108,544 | ---- | C] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo - Copy.doc
[2010/12/26 10:48:58 | 000,027,648 | ---- | C] () -- C:\Users\Owner\Desktop\Moodle instructions.doc
[2010/12/26 10:48:44 | 000,108,544 | ---- | C] () -- C:\Users\Owner\Desktop\Charter Schools Grant_High Ability memo.doc
[2010/12/26 10:48:32 | 000,041,472 | ---- | C] () -- C:\Users\Owner\Desktop\Memo of Understanding charter grant 2010-2011.doc
[2010/12/25 10:02:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/25 10:01:28 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/11 12:55:27 | 000,000,172 | R--- | C] () -- C:\Users\Owner\Desktop\Router Login.url
[2010/12/11 12:55:24 | 000,005,887 | ---- | C] () -- C:\Users\Owner\Desktop\Router_Setup.html
[2010/07/16 15:24:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/05 13:03:03 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/14 14:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 820 bytes -> C:\Users\Owner\Desktop\Steinhiser Personal Taxes 2009.eml:OECustomProperty
@Alternate Data Stream - 160 bytes -> C:\Users\Owner\Desktop\herpderp.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Owner\Desktop\Affidavit of Compliance.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

ken545
2011-01-09, 13:24
Looking good, system running any better?


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

http://www.eset.com/onlinescan/

Steinhiser
2011-01-12, 02:54
Running way better!! :) Thank you for all of your help!!

About to run the next scan you suggested now...

Steinhiser
2011-01-12, 05:14
No threats were found.

ken545
2011-01-12, 13:34
:bigthumb:

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.




Open OTL and click on Cleanup and it will remove the tools we used to clean your system and their backups.




Malwarebytes is the free version and yours to keep.





How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

ken545
2011-01-16, 12:18
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.