
Infected with unknown virus or spyware


  • This topic is locked
11 replies to this topic

#1 AuntieSuz


Posted 20 August 2009 - 02:56 PM

I've been working with a very kind person on this site under the Security > Am I infected? What do I do? forum. After several days of troubleshooting, they asked me to post here for your help.

Here's my original request:
I was out of town for 10 days and someone else was using my computer. Upon return, there was a Windows Security Suite virus that pretty much had hijacked the entire computer. I ran MalwareBytes.... and pretty much got rid of that issue as best as I can tell.

However, I cannot run a Google Search - my results are redirected.

Worse - I cannot access my Gmail, Google calendar, home page, or anything else google-related. I AM able to access them on any other computer, just not on mine.

Any suggestions would be greatly appreciated.
--------
My topic in that forum is: http://www.bleepingcomputer.com/forums/t/247683/cant-access-google-anything/

I went through your Preparation Guide and had some problems there.
I did all steps as instructed, until Step 6 - Run DDS. I disabled VB Scripting, but am still unable to run a DDS log. When I start the program, it opens and I get the following:
As per the instructions you would have received, kindly ensure any onboard script blocking tools have been disabled for they shall interfere with DDS.
DDS is a non-invasive diagnostic tool.
-DDS makes no registry writes/changes
-DDS does not create any permanent files/folders.
This scan should not take longer then three minutes to complete.
When the scan is complete, a logfile/report shall pop open.
Post the contents of the logfile to the forum where it was requested
We only require it to run just once. Dispose after use.

On the first attempt, I let it run for 15 minutes but it did not finish. When I tried to close, it doesn't respond.
On the second attempt, I let it run for over 12 hours. Again it did not finish, and wouldn't respond when I attempted to close it.

So.... I do not have a DDS log to post.

I did run RootRepeal scan and attached that log.

Here's what is happening with each program.
Google (search)
I can enter search terms, however, I cannot click the link after results are returned. I always get redirected.
I can Google search a couple of times, and then after the 3rd or 4th search, I get a completely blank screen - no results, no nothing and have to close the browser.
I'm not able to change any preferences (used to be able to with no problems). When I click Preferences, the very first option says:
Global Preferences (changes apply to all Google services)
Your cookies seem to be disabled. Setting preferences will not work until you enable cookies in your browser.
How do I enable cookies? (this is a link)
When I click the link, I get a Page cannot be found error. When I double-check my Preferences in IE > Tools > Internet Options > My Privacy settings are set at Medium. Obviously should be enough leniency to allow changes (and has in the past). I always have this setting set at Medium, and have never had any problems changing my Google preferences.

Gmail
When I try to access my Gmail account, one of two things happens.
When I type www.gmail.com in the address bar, I get this page:
http://www.google.com/hws/dell-usuk/afe?hl=en&channel=us&s=http://www.gmail.com/
where it states "Sorry, we couldn't find http://www.gmail.com/. Here are some related websites...."
If I go to google.com first, then click the Gmail link, I just get a blank page. Nothing happens, no errors, just a completely blank page.

Google home page
When I try to open www.google.com/ig, it takes a couple of minutes for anything to happen (the green status bar at the bottom of the page slowly, very slowly moves), then I get nothing. It never moves off my current home page (MSN) or whatever page I'm on when I type the address.

Google calendar
If I go to www.google.com, then click Calendar from the more drop-down list, I get this:
http://www.google.com/calendar/render?hl=en&tab=wc
but the page is completely blank.
If I type calendar.google.com, the green status thinks and thinks (VERY slow), then I get "The page cannot be displayed" error.

Note that Google maps works just fine as does Google news.

Thank you in advance for your help!

Attached Files

  • Attached File  ark.txt   3.54KB   4 downloads

Edited by Orange Blossom, 21 August 2009 - 12:47 AM.
Fix topic link, disable other links. ~ OB




#2 Buckeye_Sam

    Malware Expert



Posted 29 August 2009 - 03:17 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.


==============


Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 AuntieSuz


Posted 31 August 2009 - 03:00 AM

Thanks so much for your help. Below is my OTL report. However, when I tried to run GMER, I got the blue screen of death with this information:
aujasnkj.sys
page fault in nonpaged area
Technical information:
STOP:0x00000050 (0xFAE47000, 0x00000000, 0x97AF17E3, 0x00000000)
aujasnkj.sys - Address 97AF17E3 base at 97AE6000, DateStamp 4a891380

A quick update on my computer otherwise: I'm still not able to open Gmail, Gmail calendar, or the home page. Searches using Google are still redirected. A month ago when I first reported, it was only Google searches that were affected. Now Yahoo and Bing are also getting redirected, or I can't even open the page to search at all.

Here's the OTL log:
OTL logfile created on: 8/30/2009 8:10:40 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\TeamVinzanne\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 359.06 Mb Available Physical Memory | 35.41% Memory free
2.38 Gb Paging File | 1.71 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 100.67 Gb Free Space | 69.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DC3MT3C1
Current User Name: TeamVinzanne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/12/15 11:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/05/02 10:54:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/10/16 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/10/16 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/29 13:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/07/21 22:50:10 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/07/21 22:47:00 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/07/24 16:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 06:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2005/10/05 02:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 04:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 15:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2007/10/26 16:42:48 | 00,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2005/07/22 15:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 16:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcccoms.exe
PRC - [2006/03/03 15:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/05/02 10:54:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/10/26 16:42:40 | 00,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/10/25 10:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/16 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
PRC - [2006/07/16 20:29:54 | 00,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2009/08/05 16:06:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2003/10/29 01:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/08/04 14:27:34 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/05/01 12:11:48 | 06,395,464 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2007/05/01 12:12:10 | 00,058,952 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
PRC - [2007/05/01 12:12:10 | 00,075,336 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
PRC - [2007/10/25 10:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
PRC - [2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/30 08:09:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TeamVinzanne\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/06/21 16:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
SRV - [2005/12/15 11:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/08/04 14:27:34 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/07 16:16:26 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/02 10:54:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/10/16 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Running])
SRV - [2007/10/16 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 04:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 11:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 04:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 11:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 04:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 02:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 04:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/06/05 12:49:08 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/11/17 20:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 20:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/07/22 01:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor [Boot | Running])
DRV - [2003/04/09 17:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/10/16 20:50:00 | 00,064,168 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,072,680 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,033,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,171,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,031,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2007/10/16 20:50:00 | 00,051,944 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - File not found -- Service key not found. -- (rootrepeal [Unknown | Stopped])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/07/24 16:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2003/11/17 20:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\S-1-5-21-1466988827-3886591253-2063323200-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\S-1-5-21-1466988827-3886591253-2063323200-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/05/01 01:40:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/02 10:54:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/02 12:26:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 14:26:05 | 00,000,000 | ---D | M]

[2009/03/04 18:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TeamVinzanne\Application Data\mozilla\Extensions
[2009/03/04 18:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TeamVinzanne\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/03/03 19:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TeamVinzanne\Application Data\mozilla\Firefox\Profiles\8kvrlqj5.default\extensions
[2009/06/26 21:45:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/04 18:01:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/05 18:05:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/02 10:54:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/02/19 18:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 18:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/11/14 18:34:14 | 00,090,112 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/05/02 10:54:10 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/19 18:43:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/19 12:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 12:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 12:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 12:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 12:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/02 18:19:40 | 00,001,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2009/02/19 12:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (8319 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: rinter_924.print_margin_top", "0.5");
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_oddpages", true);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_orientation", 0);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_pagedelay", 500);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_paper_data", 1);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_paper_height", " 11.00");
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_paper_size", 77);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_paper_size_type", 0);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_paper_size_unit", 0);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_paper_width", " 8.50");
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_reversed", false);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_scaling", " 1.00");
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_shrink_to_fit", true);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_to_file", false);
O1 - Hosts: user_pref("print.printer_Dell_Photo_AIO_Printer_924.print_to_filename", "");
O1 - Hosts: user_pref("privacy.item.cookies", true);
O1 - Hosts: user_pref("privacy.item.formdata", false);
O1 - Hosts: user_pref("security.warn_viewing_mixed", false);
O1 - Hosts: user_pref("signon.rememberSignons", false);
O1 - Hosts: user_pref("spellchecker.dictionary", "en-US");
O1 - Hosts: user_pref("symantec.browser.sessionstore.resume_from_crash.toggle", false);
O1 - Hosts: user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1252025435);
O1 - Hosts: user_pref("urlclassifier.tableversion.goog-black-enchash", "1.66668");
O1 - Hosts: 3 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 1
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: hotmail.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: live.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: msn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: passport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com/plugins/Plugin0501.01...eetnoagent7.cab (Street Technologies ActiveX Control Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfield.com/coupons/scriptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {5AA84ADA-3A1F-4B16-B63D-72DC4CAFC9D8} https://access.ixisam.net/CitrixLogonPoint/...t/CitrixCAO.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1207974912487 (MUWebControl Class)
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} http://ecare4c.netopia.com/RA/ecare4/compo...t_4.2.1.318.cab (ECareAgent Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T25L10NSP41E...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/ac...veX_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{ae279c59-bb6a-11dc-99b9-001676d8b5e8}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/30 08:11:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Virus
[2009/08/30 08:09:45 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\n3b5w0kf.exe
[2009/08/30 08:09:20 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TeamVinzanne\Desktop\OTL.exe
[2009/08/26 14:50:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\U3
[2009/08/25 17:13:58 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Alfredo Sauce.doc
[2009/08/25 17:13:45 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\System Still Slow after viruses removed documentation.doc
[2009/08/25 10:52:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\ProfSem
[2009/08/24 11:06:13 | 00,079,360 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\google virus.doc
[2009/08/24 10:58:24 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Bills.xls
[2009/08/21 09:48:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\beautiful quote.doc
[2009/08/20 09:01:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\settings.dat
[2009/08/20 09:00:56 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\TeamVinzanne\Desktop\RootRepeal.exe
[2009/08/19 19:50:05 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\dds.scr
[2009/08/18 16:08:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\webex
[2009/08/18 16:08:14 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/08/18 16:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\My Documents\WebEx
[2009/08/18 16:08:02 | 00,202,832 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/08/18 07:49:11 | 00,140,800 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Hartzel-Schnaitman Wedding 09 26 09.doc
[2009/08/16 09:59:38 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/16 09:49:48 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\sar_15_sfx.exe
[2009/08/15 06:35:08 | 10,632,97024 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/15 06:33:14 | 00,000,514 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\DrWeb2.csv
[2009/08/14 11:25:09 | 00,001,254 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\DrWeb.csv
[2009/08/13 20:44:05 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\cigna insurance follow up.doc
[2009/08/13 08:12:59 | 15,522,056 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\TeamVinzanne\Desktop\r485p4tp.exe
[2009/08/10 19:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Adobe FrameMaker 9
[2009/08/10 17:19:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Framemaker
[2009/08/10 17:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\StyleGuide
[2009/08/09 22:28:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\RootRepeal
[2009/08/09 22:27:25 | 00,462,996 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\RootRepeal.zip
[2009/08/09 18:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\SmitfraudFix
[2009/08/09 15:46:13 | 00,004,288 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/09 09:15:28 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Spyware removal instructions.doc
[2009/08/09 09:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/09 09:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/09 09:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\SUPERAntiSpyware.com
[2009/08/08 14:49:25 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Concept Map example.doc
[2009/08/08 13:31:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/07 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Current
[2009/08/04 15:11:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/04 14:27:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/08/04 14:26:54 | 00,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2009/08/04 14:26:54 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2009/08/04 14:26:06 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/08/04 13:13:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\Download Manager
[2009/08/04 13:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/04 07:38:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Montana
[2009/08/04 07:38:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Glacier Raft
[2009/05/31 16:55:49 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/02/04 17:13:59 | 00,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2009/02/04 17:13:59 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/02/04 17:13:59 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2009/02/04 17:13:59 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/12/04 01:56:35 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/05 20:04:45 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2008/05/27 03:00:18 | 00,000,355 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008/03/08 21:23:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/01/05 19:07:41 | 00,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/05 19:07:41 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5D510DD84E.sys
[2007/02/07 12:57:16 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
[2006/12/20 16:58:02 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
[2006/12/20 16:47:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
[2006/11/15 21:19:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/15 21:07:13 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/15 21:02:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/15 20:34:52 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/11/15 20:34:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/11/15 20:34:28 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 12:08:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/08/30 12:08:46 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/08/30 12:08:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/08/30 12:07:44 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/08/30 12:07:40 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/08/30 12:07:34 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/08/30 12:07:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/08/30 12:06:04 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:18:43 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 03:18:21 | 01,365,151 | ---- | C] () -- C:\WINDOWS\System32\mapidde.dll
[2005/08/16 03:18:21 | 00,344,913 | ---- | C] () -- C:\WINDOWS\System32\libhtm32.dll
[2005/08/16 03:18:21 | 00,003,569 | ---- | C] () -- C:\WINDOWS\System32\combio.dll
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 13:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/07/28 14:47:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/06/21 16:27:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2005/06/21 16:27:02 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2005/06/21 16:22:06 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/06/21 16:21:40 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2005/06/21 16:19:48 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2005/06/21 16:18:58 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2005/06/21 16:18:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2005/06/21 16:12:48 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2005/06/21 16:09:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2005/04/01 11:44:16 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[12 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/08/30 08:09:51 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\n3b5w0kf.exe
[2009/08/30 08:09:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TeamVinzanne\Desktop\OTL.exe
[2009/08/30 07:57:47 | 00,002,672 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/08/30 07:56:30 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\5D510DD84E.sys
[2009/08/27 06:57:22 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\My Documents\My Sharing Folders.lnk
[2009/08/25 17:13:58 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Alfredo Sauce.doc
[2009/08/25 17:13:45 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\System Still Slow after viruses removed documentation.doc
[2009/08/25 10:27:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/25 10:27:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/25 10:13:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 20:00:00 | 00,000,590 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - TeamVinzanne.job
[2009/08/24 18:33:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/24 18:33:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/24 13:43:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/08/24 13:43:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/24 11:06:13 | 00,079,360 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\google virus.doc
[2009/08/24 11:01:43 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\BILLS.doc
[2009/08/24 10:58:24 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Bills.xls
[2009/08/22 20:20:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/21 09:48:14 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\beautiful quote.doc
[2009/08/20 09:01:27 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\settings.dat
[2009/08/20 09:01:04 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\TeamVinzanne\Desktop\RootRepeal.exe
[2009/08/20 08:47:32 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/19 19:50:07 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\dds.scr
[2009/08/18 16:08:14 | 00,051,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/08/18 16:08:09 | 00,202,832 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/08/18 07:49:11 | 00,140,800 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Hartzel-Schnaitman Wedding 09 26 09.doc
[2009/08/17 21:28:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/17 21:28:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/17 21:28:44 | 10,632,97024 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/16 09:49:50 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\sar_15_sfx.exe
[2009/08/15 06:33:15 | 00,000,514 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\DrWeb2.csv
[2009/08/14 11:25:09 | 00,001,254 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\DrWeb.csv
[2009/08/13 20:44:13 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\cigna insurance follow up.doc
[2009/08/13 08:12:59 | 15,522,056 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\TeamVinzanne\Desktop\r485p4tp.exe
[2009/08/10 12:28:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/10 12:28:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/10 11:37:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/10 11:37:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/10 08:45:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/10 08:45:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/09 22:27:26 | 00,462,996 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\RootRepeal.zip
[2009/08/09 18:09:20 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Spyware removal instructions.doc
[2009/08/09 18:00:45 | 00,004,288 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/09 15:59:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/08/09 15:59:05 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/08/09 11:08:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/08/09 11:08:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/08/09 09:11:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/08/09 09:11:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/08/08 15:08:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/08/08 15:08:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/08/08 14:49:25 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Concept Map example.doc
[2009/08/08 13:31:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/07 02:51:31 | 00,125,440 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Amedisys Miles.doc
[2009/08/06 19:10:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/06 19:10:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/06 18:55:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/06 18:55:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/06 07:31:20 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/06 07:31:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/06 07:30:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/08/06 07:30:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/08/06 07:25:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/08/06 07:25:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/08/05 19:29:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/08/05 19:29:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/08/05 19:26:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/08/05 19:26:29 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/08/05 19:25:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/05 19:25:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/05 06:40:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/05 06:40:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/05 06:02:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/05 06:02:29 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/04 21:22:48 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/04 15:14:37 | 00,077,176 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/04 14:26:06 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 18:19:25 | 00,008,319 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
< End of report >

Thanks for your help.

#4 Buckeye_Sam

Posted 31 August 2009 - 12:02 PM

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Reboot your computer and let me know if you notice any change with your issues.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 AuntieSuz

Posted 31 August 2009 - 10:10 PM

Nope, still not working. But here's what happened.

I downloaded the file; unzipped it to C:\HostsXpert; ran the program; clicked "Make Hosts Writable" and got this:
Your HOSTS file is marked as a “system file” and can NOT be manipulated. Press OK to remove the system file attribute, CANCEL to Quit. ***HostsXpert will NOT reset these attributes.***

I selected OK. Then I got:
Your HOSTS file is marked as a “Hidden file” and can NOT be manipulated. Press OK to remove the hidden file attribute, CANCEL to Quit. ***HostsXpert will NOT reset these attributes.***

I selected OK again.

I then clicked Restore MS hosts, and got this error:
ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts
I clicked OK and the program closed.

Help.
Thanks!

#6 Buckeye_Sam

Posted 01 September 2009 - 12:17 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


#7 AuntieSuz

Posted 01 September 2009 - 04:32 PM

Here's the log after running the custom script:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 483263 bytes

User: Suzanne Childers
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TeamVinzanne
->Temp folder emptied: 258029 bytes
File delete failed. C:\Documents and Settings\TeamVinzanne\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1076965319 bytes
->Java cache emptied: 36136248 bytes
->FireFox cache emptied: 24170860 bytes

User: Vincent McCormick
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP folder deleted successfully.
%systemroot% .tmp files removed: 87431 bytes
%systemroot%\System32 .tmp files removed: 5591057 bytes
File delete failed. C:\WINDOWS\temp\WFV1F.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 37519360 bytes
RecycleBin emptied: 262703616 bytes

Total Files Cleaned = 1377.06 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.0.10.7 log created on 09012009_113920

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\WFV1F.tmp not found!

Registry entries deleted on Reboot...



And here's the second log:
OTL logfile created on: 9/1/2009 11:53:59 AM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\TeamVinzanne\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.97 Mb Total Physical Memory | 561.45 Mb Available Physical Memory | 55.37% Memory free
2.38 Gb Paging File | 1.94 Gb Available in Paging File | 81.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 109.78 Gb Free Space | 76.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 976.13 Mb Total Space | 286.16 Mb Free Space | 29.32% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DC3MT3C1
Current User Name: TeamVinzanne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/12/15 11:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/05/02 10:54:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/10/16 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/10/16 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2007/10/25 10:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/29 13:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/07/21 22:50:10 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/07/21 22:47:00 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/07/24 16:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 06:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2005/10/05 02:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 04:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 15:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2007/10/26 16:42:48 | 00,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2005/07/22 15:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 16:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcccoms.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/03/03 15:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2009/05/02 10:54:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/26 16:42:40 | 00,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/10/25 10:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/10/16 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
PRC - [2006/07/16 20:29:54 | 00,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2009/08/05 16:06:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2003/10/29 01:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2008/04/13 17:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/02 10:54:10 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/08/30 08:09:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TeamVinzanne\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/06/21 16:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
SRV - [2005/12/15 11:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/08/04 14:27:34 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/07 16:16:26 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/02 10:54:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/10/16 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Running])
SRV - [2007/10/16 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/09/08 04:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 11:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 04:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 11:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 04:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 04:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 02:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 04:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/06/05 12:49:08 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/11/17 20:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 20:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/07/22 01:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor [Boot | Running])
DRV - [2003/04/09 17:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/10/16 20:50:00 | 00,064,168 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,072,680 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,033,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,171,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2007/10/16 20:50:00 | 00,031,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2007/10/16 20:50:00 | 00,051,944 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/07/24 16:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2003/11/17 20:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\S-1-5-21-1466988827-3886591253-2063323200-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\S-1-5-21-1466988827-3886591253-2063323200-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/05/01 01:40:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/02 10:54:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/02 12:26:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 14:26:05 | 00,000,000 | ---D | M]

[2009/03/04 18:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TeamVinzanne\Application Data\mozilla\Extensions
[2009/03/04 18:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TeamVinzanne\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/03/03 19:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TeamVinzanne\Application Data\mozilla\Firefox\Profiles\8kvrlqj5.default\extensions
[2009/06/26 21:45:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/04 18:01:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/05 18:05:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/02 10:54:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/02/19 18:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 18:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/11/14 18:34:14 | 00,090,112 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/05/02 10:54:10 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/19 18:43:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/02 12:27:52 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/19 12:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 12:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 12:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 12:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 12:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/02 18:19:40 | 00,001,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2009/02/19 12:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 1
O7 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: hotmail.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: live.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: msn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: passport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com/plugins/Plugin0501.01...eetnoagent7.cab (Street Technologies ActiveX Control Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfield.com/coupons/scriptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {5AA84ADA-3A1F-4B16-B63D-72DC4CAFC9D8} https://access.ixisam.net/CitrixLogonPoint/...t/CitrixCAO.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1207974912487 (MUWebControl Class)
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} http://ecare4c.netopia.com/RA/ecare4/compo...t_4.2.1.318.cab (ECareAgent Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T25L10NSP41E...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upload/ac...veX_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/09 15:55:20 | 00,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/01 11:39:20 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/31 19:16:31 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Add to instruction.doc
[2009/08/31 19:15:52 | 00,000,000 | ---D | C] -- C:\HostsXpert
[2009/08/31 19:12:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\HostsXpert
[2009/08/31 19:11:41 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\HostsXpert.zip
[2009/08/30 19:34:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/30 08:11:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Virus
[2009/08/30 08:09:45 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\n3b5w0kf.exe
[2009/08/30 08:09:20 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TeamVinzanne\Desktop\OTL.exe
[2009/08/26 14:50:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\U3
[2009/08/25 17:13:58 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Alfredo Sauce.doc
[2009/08/25 17:13:45 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\System Still Slow after viruses removed documentation.doc
[2009/08/24 11:06:13 | 00,079,360 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\google virus.doc
[2009/08/24 10:58:24 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Bills.xls
[2009/08/21 09:48:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\beautiful quote.doc
[2009/08/18 16:08:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\webex
[2009/08/18 16:08:14 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/08/18 16:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\My Documents\WebEx
[2009/08/18 16:08:02 | 00,202,832 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/08/18 07:49:11 | 00,140,800 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Hartzel-Schnaitman Wedding 09 26 09.doc
[2009/08/16 09:59:38 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/15 06:35:08 | 10,632,97024 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/13 20:44:05 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\cigna insurance follow up.doc
[2009/08/10 19:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Adobe FrameMaker 9
[2009/08/10 17:19:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Framemaker
[2009/08/10 17:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\StyleGuide
[2009/08/09 15:46:13 | 00,004,288 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/09 09:15:28 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Spyware removal instructions.doc
[2009/08/09 09:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/09 09:12:08 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/09 09:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\SUPERAntiSpyware.com
[2009/08/08 14:49:25 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Concept Map example.doc
[2009/08/08 13:31:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/07 18:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Current
[2009/08/04 15:11:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/04 14:27:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/08/04 14:26:54 | 00,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2009/08/04 14:26:54 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2009/08/04 14:26:06 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/08/04 13:13:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\Download Manager
[2009/08/04 13:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/04 07:38:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Montana
[2009/08/04 07:38:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TeamVinzanne\Desktop\Glacier Raft
[2009/05/31 16:55:49 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/02/04 17:13:59 | 00,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2009/02/04 17:13:59 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/02/04 17:13:59 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2009/02/04 17:13:59 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/12/04 01:56:35 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/05 20:04:45 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2008/05/27 03:00:18 | 00,000,355 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2008/03/08 21:23:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/01/05 19:07:41 | 00,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/05 19:07:41 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5D510DD84E.sys
[2007/02/07 12:57:16 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
[2006/12/20 16:58:02 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
[2006/12/20 16:47:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
[2006/11/15 21:19:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/15 21:07:13 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/15 21:02:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/15 20:34:52 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/11/15 20:34:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/11/15 20:34:28 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 12:08:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/08/30 12:08:46 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/08/30 12:08:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/08/30 12:07:44 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/08/30 12:07:40 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/08/30 12:07:34 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/08/30 12:07:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/08/30 12:06:04 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:18:43 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 03:18:21 | 01,365,151 | ---- | C] () -- C:\WINDOWS\System32\mapidde.dll
[2005/08/16 03:18:21 | 00,344,913 | ---- | C] () -- C:\WINDOWS\System32\libhtm32.dll
[2005/08/16 03:18:21 | 00,003,569 | ---- | C] () -- C:\WINDOWS\System32\combio.dll
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 13:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/07/28 14:47:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/06/21 16:27:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2005/06/21 16:27:02 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2005/06/21 16:22:06 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/06/21 16:21:40 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2005/06/21 16:19:48 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2005/06/21 16:18:58 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2005/06/21 16:18:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2005/06/21 16:12:48 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2005/06/21 16:09:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2005/04/01 11:44:16 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/09/01 11:44:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/01 11:44:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/01 11:44:05 | 10,632,97024 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/01 11:42:09 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/09/01 10:13:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/31 20:10:26 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Add to instruction.doc
[2009/08/31 20:00:00 | 00,000,590 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - TeamVinzanne.job
[2009/08/31 19:11:41 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\HostsXpert.zip
[2009/08/31 10:42:48 | 00,002,672 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/08/31 10:40:54 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\5D510DD84E.sys
[2009/08/30 08:09:51 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\n3b5w0kf.exe
[2009/08/30 08:09:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TeamVinzanne\Desktop\OTL.exe
[2009/08/27 06:57:22 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\My Documents\My Sharing Folders.lnk
[2009/08/25 17:13:58 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Alfredo Sauce.doc
[2009/08/25 17:13:45 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\System Still Slow after viruses removed documentation.doc
[2009/08/25 10:27:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/25 10:27:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/24 18:33:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/24 18:33:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/24 13:43:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/08/24 13:43:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/24 11:06:13 | 00,079,360 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\google virus.doc
[2009/08/24 11:01:43 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\BILLS.doc
[2009/08/24 10:58:24 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Bills.xls
[2009/08/22 20:20:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/21 09:48:14 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\beautiful quote.doc
[2009/08/20 08:47:32 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/18 16:08:14 | 00,051,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/08/18 16:08:09 | 00,202,832 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/08/18 07:49:11 | 00,140,800 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Hartzel-Schnaitman Wedding 09 26 09.doc
[2009/08/13 20:44:13 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\cigna insurance follow up.doc
[2009/08/10 12:28:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/10 12:28:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/10 11:37:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/10 11:37:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/10 08:45:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/10 08:45:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/09 18:09:20 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Spyware removal instructions.doc
[2009/08/09 18:00:45 | 00,004,288 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/09 15:59:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/08/09 15:59:05 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/08/09 11:08:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/08/09 11:08:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/08/09 09:11:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/08/09 09:11:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/08/08 15:08:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/08/08 15:08:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/08/08 14:49:25 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Concept Map example.doc
[2009/08/08 13:31:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/07 02:51:31 | 00,125,440 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Desktop\Amedisys Miles.doc
[2009/08/06 19:10:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/08/06 19:10:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/08/06 18:55:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/08/06 18:55:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/08/06 07:31:20 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/08/06 07:31:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/08/06 07:30:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/08/06 07:30:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/08/06 07:25:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/08/06 07:25:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/08/05 19:29:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/08/05 19:29:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/08/05 19:26:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/08/05 19:26:29 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/08/05 19:25:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/05 19:25:48 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/05 06:40:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/05 06:40:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/05 06:02:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/05 06:02:29 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/04 21:22:48 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/04 15:14:37 | 00,077,176 | ---- | M] () -- C:\Documents and Settings\TeamVinzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/04 14:26:06 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
< End of report >


A quick update:
I was just now able to access Google calendar. However, I cannot access Gmail.
I was also able to access my Google home page.
However, when I try to access Google anything, I keep getting the Security Warnings: The current Web page is trying to open a site in your Trusted sites list. Do you want to allow this? Current site: mail.google.com Trusted site: www.google.com.
I never used to get these warnings.

On my home page, my Gmail servlet is showing the same error I get when I try to open it (in some cases; in other cases, I just get a blank screen): 502 Server Error / The server encountered a temporary error and could not complete your request. Please try again in 30 seconds. (can't get it now - both Gmail and the Google home page are frozen).
Note that I can try to my heart's content after this server error and still can't access Gmail.

I did just get the closest I've ever gotten to Gmail. The page loaded and let me enter my UN and Pswd. However, I then got the same 502 Server Error.

Google Search seems to be working. I was even able to change my preferences. And as near as I can tell, I'm not being redirected, but I will keep testing. Same with Yahoo and Bing searches, they seem to be working now as well.

What's up with Gmail?
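As an added example (not part of the original post and not code from OTL): a small Python parser for the two row formats in the report above, the bracketed file rows and the `@Alternate Data Stream` rows, that lists entries a reviewer would typically look at first. The rule names, the `triage` function and the reading of the parenthesised field as the file's vendor name are assumptions of this example; a hit means "inspect this", not "this is malicious".

```python
import re
from typing import NamedTuple

# Rows copied from the report above. The field in "( )" is assumed to be the
# vendor name OTL read from the file's version information.
SAMPLE = r"""
[2009/09/01 11:42:09 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/08/31 10:42:48 | 00,002,672 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/08/18 16:08:09 | 00,202,832 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/08/25 10:27:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (vendor) -- path
FILE_ROW = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_ROW = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
BINARY_EXT = (".sys", ".dll", ".exe")


class Finding(NamedTuple):
    reason: str
    path: str
    detail: str


def triage(report: str) -> list[Finding]:
    """Return review candidates from OTL-style report text (heuristic only)."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        ads = ADS_ROW.match(line)
        if ads:
            # Named streams on a directory are invisible in Explorer and dir.
            findings.append(Finding("alternate-data-stream", ads["path"],
                                    f"{ads['stream']} ({ads['size']} bytes)"))
            continue
        row = FILE_ROW.match(line)
        if not row:
            continue  # headers, blank lines, "< End of report >"
        path, attrs = row["path"], row["attrs"]
        lower = path.lower()
        no_vendor = not row["vendor"].strip()
        size = int(row["size"].replace(",", ""))
        if row["kind"] == "M" and lower.endswith(r"\drivers\etc\hosts"):
            # A recently modified hosts file can explain redirected lookups.
            findings.append(Finding("hosts-modified", path, row["ts"]))
        elif no_vendor and "H" in attrs and "S" in attrs and lower.endswith(BINARY_EXT):
            # Hidden + system binary-named file with no vendor string.
            findings.append(Finding("hidden-system-binary", path,
                                    f"attrs={attrs} size={size}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:22} {f.path}  [{f.detail}]")
```
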

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:04 AM

Posted 02 September 2009 - 11:28 AM

You've got Google set up as a trusted site in your preferences, so let's remove that and see if there's any change.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O15 - HKU\S-1-5-21-1466988827-3886591253-2063323200-1008\..Trusted Domains: google.com ([www] https in Trusted sites)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.


Are you allowing cookies?
What browser are you using? Have you tried both IE and Firefox?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 AuntieSuz


Posted 10 September 2009 - 11:12 AM

Here's my OTL log:
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1466988827-3886591253-2063323200-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\www\ deleted successfully.

OTL by OldTimer - Version 3.0.10.7 log created on 09102009_082046


That did the trick - I'm no longer getting the trusted sites question.

Cookies are allowed and set to Medium.

I primarily use IE. I've tried both IE and Firefox. In fact, when IE goes down.... I usually head to Firefox to see if it is having the same problems. Frankly, I've had MORE problems with things loading in Firefox than I do with IE.

Another question..... I'm running McAfee. It does a quick scan every night and a full scan on Sundays. How can I prevent something like this happening again? What do I need to install to catch this sort of thing. My suspicion of where this "virus / spyware" got access is that I had someone staying at my house for 10 days while I was out of town. When I looked through internet history and google search history..... it appears he was browsing singles sites. Not match.com or eharmony or a more reputable site.... but more sketchy ones it appears... like adultfriendfinder...... and so on. I've a VERY strong suspicion that these google searches AND probably clicking the links is what caused this nightmare. We've had words and I don't anticipate it happening again.... but is there a way to prevent this in the future?

Everything seems to be running fairly well at the moment. I'm back up and able to use Google, Bing, Yahoo searches. I can access my Gmail, Gmail calendar, and home page......

Thank you so much for your help!

#10 Buckeye_Sam


Posted 10 September 2009 - 06:42 PM

McAfee is not as strong as it once was and it's not an antivirus that I would recommend currently. You would have better results even with a free antivirus such as Avast. If you want a more complete program and you don't mind paying a few bucks look into Nod32 or Kaspersky. Both seem to have a good handle on current malware infections. Let's clean up a bit and then I'll post some other recommendations for you.

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.


=================

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)


========================================================

#11 AuntieSuz


Posted 24 September 2009 - 10:33 AM

I'm still cleaning. Will have an update shortly.

Thanks!

#12 Buckeye_Sam


Posted 14 October 2009 - 08:03 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



