Access to host file is denied (Solved)

Discussion in 'Malware Removal Help' started by sansa, Oct 8, 2009.

  1. sansa

    sansa Guest

    Hello, my Media Centre computer had Windows Protection Suite rogue software. I ran SUPERAntiSpyware and Malwarebytes on it and the Windows Protection Suite doesn't come up anymore. That's the good news. I ran HijackThis and it says that access to the hosts file is denied. Also in the HJT log, several O1 - Hosts entries are listed. I'm wondering if this is malware related.

    I followed the instructions to prepare for help. Here is the RootRepeal log. I'll send the other logs after.

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/10/08 17:44
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP Media Center Edition SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_iastor.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
    Address: 0xB1073000 Size: 872448 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xAE22D000 Size: 49152 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 025 Function Name: NtClose
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb57576b8

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5757574

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5757a52

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb575714c

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb575764e

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb575708c

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb57570f0

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb575776e

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb575772e

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb57578ae

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb9a300b0

    ==EOF==
     
  2. sansa

    sansa Guest

    Re: Access to host file is denied

    OTL logfile created on: 10/8/2009 5:51:57 PM - Run 1
    OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Iannetti Family\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.09 Mb Total Physical Memory | 577.35 Mb Available Physical Memory | 56.49% Memory free
    2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.61% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.08 Gb Total Space | 123.36 Gb Free Space | 85.61% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 476.36 Mb Total Space | 4.99 Mb Free Space | 1.05% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DHZ99Q81
    Current User Name: Iannetti Family
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe (Authentium, Inc.)
    PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
    PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe (Musicmatch, Inc.)
    PRC - C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
    PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe ()
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Sierra\Planner\PLNRnote.exe (Sierra Online)
    PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe (Musicmatch, Inc.)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\Iannetti Family\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
    SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (dlbu_device [Disabled | Stopped]) -- C:\WINDOWS\System32\dlbucoms.exe (Dell)
    SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (dvpapi [Auto | Running]) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe (Authentium, Inc.)
    SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
    SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
    SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
    SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (RPSUpdaterR [On_Demand | Stopped]) -- C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (Radialpoint Inc.)
    SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\css-dvp.sys (Authentium, Inc.)
    DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
    DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
    DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys (Intel Corporation)
    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\grmnusb.sys (GARMIN Corp.)
    DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (iastor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
    DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
    DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

    FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 21:08:59 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/05 12:01:14 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 13:55:51 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/06 13:55:43 | 00,000,000 | ---D | M]

    [2009/10/06 13:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Extensions
    [2009/10/06 13:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/10/08 17:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Firefox\Profiles\u6mo4cmj.default\extensions
    [2009/10/06 14:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Firefox\Profiles\u6mo4cmj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/10/06 13:55:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/10/06 13:55:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (635 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.206.201.8 wins-guard.com.microsoft.com
    O1 - Hosts: 91.206.201.8 wins-guard.com
    O1 - Hosts: 91.206.201.8 Antivirus System PRO Powerfull PC Protection
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
    O1 - Hosts: 74.125.45.100 Secured Home of securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
    O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
    O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
    O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe (Sierra Online)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
    O4 - Startup: C:\Documents and Settings\Iannetti Family\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Iannetti Family\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
    O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: widener.edu ([alias] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Java Plug-in Technology (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/19 17:07:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - File not found - -- [ FAT32 ]
    O32 - AutoRun File - [2009/05/01 12:50:34 | 00,000,000 | ---D | M] - F:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/09/08 21:08:59 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\aa3c6b9
    [2009/10/05 09:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/10/05 10:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/10/05 18:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\Foxit
    [2009/10/05 09:40:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\Malwarebytes
    [2009/10/06 13:55:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\Mozilla
    [2009/10/05 10:26:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\SUPERAntiSpyware.com
    [2009/10/06 13:55:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla
    [2009/10/05 10:26:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/10/05 18:23:23 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2009/10/05 09:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/06 13:55:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2009/10/05 10:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/10/08 17:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/10/08 17:47:20 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\OTL.exe
    [2009/10/08 17:36:50 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\TFC.exe
    [2009/10/08 17:34:13 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Iannetti Family\Desktop\HJTInstall.exe
    [2009/10/08 17:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\My Documents\Downloads
    [2009/10/05 18:28:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2009/10/05 16:22:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/10/05 16:14:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/10/05 16:14:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/10/05 16:14:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/10/05 16:14:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/10/05 16:14:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/10/05 16:14:09 | 00,000,000 | ---D | C] -- C:\ComboFix
    [2009/10/05 16:12:48 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/10/05 12:01:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/10/05 12:01:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/10/05 12:01:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/10/05 12:01:29 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/10/05 09:40:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/10/05 09:39:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/10/05 09:15:03 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
    [2009/10/05 09:14:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2009/09/10 01:00:49 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

    ========== Files - Modified Within 30 Days ==========

    [2009/10/08 17:47:20 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\OTL.exe
    [2009/10/08 17:46:52 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Iannetti Family\Desktop\settings.dat
    [2009/10/08 17:39:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/10/08 17:38:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2009/10/08 17:38:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/10/08 17:38:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/10/08 17:38:32 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/08 17:36:51 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\TFC.exe
    [2009/10/08 17:35:10 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Iannetti Family\Desktop\HijackThis.lnk
    [2009/10/08 17:34:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Iannetti Family\Desktop\HJTInstall.exe
    [2009/10/08 17:13:02 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2009/10/06 15:02:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/10/06 15:02:24 | 00,058,636 | ---- | M] () -- C:\Documents and Settings\Iannetti Family\Application Data\wklnhst.dat
    [2009/10/06 14:10:00 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/10/06 14:10:00 | 00,000,279 | RHS- | M] () -- C:\boot.ini
    [2009/10/06 14:10:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/10/06 13:55:47 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2009/10/06 10:20:28 | 04,321,872 | -H-- | M] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\IconCache.db
    [2009/10/05 15:36:09 | 00,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/10/05 15:36:08 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\C964020326.sys
    [2009/10/05 13:03:30 | 00,000,209 | ---- | M] () -- C:\Boot.bak
    [2009/10/05 12:01:13 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/10/05 12:01:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/10/05 12:01:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/10/05 12:01:13 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/10/05 12:01:12 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2009/10/05 10:26:22 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/10/05 09:39:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/05 09:38:10 | 00,000,635 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2009/09/21 14:55:22 | 00,001,825 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/09/10 01:19:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files - No Company Name ==========
    [2009/10/08 17:43:06 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Desktop\settings.dat
    [2009/10/08 17:35:10 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Desktop\HijackThis.lnk
    [2009/10/08 17:31:39 | 10,718,12608 | -HS- | C] () -- C:\hiberfil.sys
    [2009/10/06 13:55:47 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2009/10/05 16:22:19 | 00,000,209 | ---- | C] () -- C:\Boot.bak
    [2009/10/05 16:22:14 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/10/05 16:14:16 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/10/05 16:14:16 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/10/05 16:14:16 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/10/05 16:14:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/10/05 10:26:22 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/10/05 09:39:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2008/09/12 01:50:23 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2007/01/03 20:07:58 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/12/26 21:02:15 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/20 23:04:05 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/06/16 01:00:18 | 00,000,004 | ---- | C] () -- C:\WINDOWS\todo.sys
    [2006/06/09 00:02:03 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/04/11 00:09:50 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C964020326.sys
    [2006/01/11 21:15:58 | 00,101,920 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\GDIPFONTCACHEV1.DAT
    [2005/12/15 22:56:10 | 00,000,111 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2005/12/15 22:56:09 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2005/12/15 22:56:09 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2005/11/02 22:48:52 | 00,001,825 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2005/11/02 22:32:09 | 00,101,920 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2005/11/02 22:29:27 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\26030264C9.sys
    [2005/11/02 22:29:26 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2005/11/02 00:35:09 | 00,058,636 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\wklnhst.dat
    [2005/11/02 00:25:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\desktop.ini
    [2005/11/02 00:25:32 | 04,321,872 | -H-- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\IconCache.db
    [2005/11/02 00:25:32 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\fusioncache.dat
    [2005/10/27 08:25:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/10/27 08:18:52 | 00,000,334 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/10/27 08:16:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/10/27 07:48:22 | 00,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/05/12 08:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/04/15 06:22:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsr.dll
    [2005/04/15 06:22:20 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
    [2005/04/15 06:22:02 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
    [2005/04/15 06:14:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
    [2005/04/15 06:14:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
    [2005/04/15 06:14:40 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbuins.dll
    [2005/04/15 06:13:42 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
    [2005/04/15 05:59:46 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
    [2005/04/12 22:20:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
    [2005/04/12 22:19:58 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
    [2005/02/23 22:12:10 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
    [2004/08/19 17:20:39 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/19 17:01:43 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/19 16:57:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2004/08/19 16:49:59 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
    [2004/08/19 16:49:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

    ========== LOP Check ==========

    [2009/10/05 14:13:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/03/26 19:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/04/16 20:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/10/05 10:23:33 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\aa3c6b9
    [2008/05/07 19:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2008/02/28 22:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
    [2004/08/19 17:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2005/10/27 08:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
    [2009/02/20 16:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
    [2005/11/02 18:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
    [2009/02/20 16:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
    [2004/08/19 17:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
    [2008/02/22 18:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/09/02 17:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/01/12 15:41:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
    [2009/10/05 13:11:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/01/19 11:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/10/08 17:18:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Iannetti Family\Application Data
    [2007/02/02 22:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Autodesk
    [2005/11/02 22:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Corel Photo Album
    [2008/07/25 21:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Download Manager
    [2009/10/05 18:23:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Foxit
    [2008/09/29 20:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\GARMIN
    [2005/11/06 22:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Leadertech
    [2007/09/09 19:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Motive
    [2007/03/03 08:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\MSN6
    [2005/11/02 18:46:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\MSNInstaller
    [2009/02/04 16:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\OpenOffice.org
    [2008/03/25 22:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\OurPictures
    [2005/12/15 22:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Sierra
    [2009/04/16 20:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\U3
    [2009/01/12 15:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Verizon
    [2009/10/05 13:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\Viewpoint
    [2008/01/19 11:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\WildTangent
    [2009/07/29 12:08:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    [2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/10/08 17:38:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
    [2009/10/08 17:38:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:525DFE14
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
  3. sansa

    sansa Guest

    Re: Access to host file is denied

    OTL Extras logfile created on: 10/8/2009 5:51:57 PM - Run 1
    OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Iannetti Family\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.09 Mb Total Physical Memory | 577.35 Mb Available Physical Memory | 56.49% Memory free
    2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.61% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.08 Gb Total Space | 123.36 Gb Free Space | 85.61% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 476.36 Mb Total Space | 4.99 Mb Free Space | 1.05% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DHZ99Q81
    Current User Name: Iannetti Family
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
    "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111167660}" = Star Defender II
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}" = Garmin City Navigator North America NT 2009 Update
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A2713384-7398-43E9-9D43-565B3A7FEFEE}" = Security Advisor
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{ABEB838C-A1A7-4C5D-B7E1-8B4314600155}" = MSN Messenger 6.1
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{B1182355-1464-4B43-8986-031A86808495}" = Event Planner
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B522244B-206F-4793-AC4A-AD38B2B93358}" = American Tradition® Signature™ Colors Virtual Painter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
    "{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ATI Display Driver" = ATI Display Driver
    "avast!" = avast! Antivirus
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
    "ESPNMotion" = ESPNMotion
    "Foxit Reader" = Foxit Reader
    "Google Updater" = Google Updater
    "Hallmark Card Studio 2003" = Hallmark Card Studio 2003
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2005b" = Microsoft Money 2005
    "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PictureItPrem_v10" = Microsoft Picture It! Premium 10
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.22
    "RealPlayer 6.0" = RealPlayer Basic
    "Registry Mechanic_is1" = Registry Mechanic 7.0
    "RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "Shockwave" = Shockwave
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Verizon Help and Support" = Verizon Help and Support Tool
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "WIC" = Windows Imaging Component
    "WildTangent CDA" = WildTangent Web Driver
    "WildTangent dell Master Uninstall" = Dell Games
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Works2005Setup" = Microsoft Works 2005 Setup Launcher

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/29/2009 5:55:39 PM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1001
    Description = Fault bucket 735639368.

    Error - 8/29/2009 6:11:19 PM | Computer Name = DHZ99Q81 | Source = SonicMCEBurnEngine | ID = 0
    Description = Exception occurred: excp'n type: Microsoft.MediaCenter.AddIn.DiscWriter.NoMediaListMakerException

    excp'n msg: CanProceed found no media No stack trace available.

    Error - 8/29/2009 6:14:52 PM | Computer Name = DHZ99Q81 | Source = Application Error | ID = 1000
    Description = Faulting application ehshell.exe, version 5.1.2700.2230, faulting
    module clvsd.ax, version 6.0.0.818, fault address 0x0004eb5a.

    Error - 8/29/2009 6:15:02 PM | Computer Name = DHZ99Q81 | Source = Application Error | ID = 1001
    Description = Fault bucket 212994964.

    Error - 8/29/2009 9:26:44 PM | Computer Name = DHZ99Q81 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module msneie.dll, version 3.0.988.2, fault address 0x00012c4d.

    Error - 10/5/2009 11:32:33 AM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/5/2009 11:48:14 AM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/5/2009 12:04:06 PM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/5/2009 12:04:10 PM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/6/2009 3:02:02 PM | Computer Name = DHZ99Q81 | Source = Microsoft Office 10 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Word.

    [ System Events ]
    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The dvpapi service terminated unexpectedly. It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The McciCMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Media Center Scheduler Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/8/2009 5:37:23 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >
     
  4. sansa

    sansa Guest

    Re: Access to host file is denied

    Malwarebytes' Anti-Malware 1.41
    Database version: 2927
    Windows 5.1.2600 Service Pack 3

    10/8/2009 6:45:10 PM
    mbam-log-2009-10-08 (18-45-10).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 187871
    Time elapsed: 32 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Re: Access to host file is denied

    Welcome to Computer Help Forums sansa!!:)

    As I am sure you can tell from the size of the posts, reading these logs is a complicated process but I want to assure you that you are not being ignored. A word of advice regarding the posting process which, I suppose, should be posted in a more general location.

    It does take some time for these logs to upload. Once you press the submit button give it time. I note that you wound up posting the same log 3 times presumably on the assumption that an upload had failed. In actuality what happened is that the multiple long lists put all the posts into moderation and in a way that it was not readily available. To the staff it appeared that the posts went through. The malware removal experts may not have seen the post at all. This is a quirk with the spam filter.
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: Access to host file is denied

    Hi sansa,

    The reports actually show quite a lot.
    Let's address them:

    ComboFix
    Combofix is a powerful tool intended by its creator to be used under the direction of an expert. It is NOT for private use. You should NOT use Combofix unless a Malware Removal Expert has told you to. Improper use of this tool can seriously damage your operating system and may even prevent it from starting again. Please read Combofix's Disclaimer.


    [2009/10/08 17:13:02 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    Did you rename the Hosts file yourself?

    These programs should be uninstalled from your system:
    Authentium AntiVirus SDK - 2
    You are running Avast, so this may conflict.
    Plus, processes and services are still showing as running for this program.


    Windows Live OneCare safety scanner
    Totally out of date now.

    MyWay Search Assistant
    No entries in your report, so may have been nuked by MBAM.
    Best try the uninstaller to be on the safe side.


    There are a number of ways to go at this, but let's try the easiest way first.
    This fix will clean up a few entries and will reset your host file.

    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :otl
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    
    :files
    @C:\Documents and Settings\All Users\Application Data\TEMP:525DFE14
    @C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
    
    :commands
    [emptytemp]
    [purity]
    [resethosts]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    In your next reply, please submit:
    The OTL report that comes up after the fix.
    And let me know how things are running.


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
  7. sansa

    sansa Guest

    Re: Access to host file is denied

    I didn't rename the host file. This hosts.new just showed up in the window when I went looking for the file because hijack was denied access. There was no hosts file, only the hosts.new. I ran the procedure and now the hosts file is there. Here's what's in it.

    127.0.0.1 localhost

    That's it, nothing more. So that's the way it should be. Correct?

    I was able to delete myweb search assistant and Windows Live One care safety scanner, but Authentium AntiVirus SDK - 2 didn't show up in the add & remove programs.

    Here is the OTL log

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ========== FILES ==========
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:525DFE14 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Iannetti Family
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Temp\etilqs_hq6KCXtNFsrb1Vc23Iaw scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Temp\JET86AF.tmp scheduled to be deleted on reboot.
    ->Temp folder emptied: 471459 bytes
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 5018336 bytes
    ->Java cache emptied: 0 bytes
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\XUL.mfl scheduled to be deleted on reboot.
    ->FireFox cache emptied: 49568104 bytes

    User: LocalService
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 66016 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_288.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 66200 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 52.67 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.0.18.4 log created on 10092009_150045

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Iannetti Family\Local Settings\Temp\etilqs_hq6KCXtNFsrb1Vc23Iaw not found!
    File\Folder C:\Documents and Settings\Iannetti Family\Local Settings\Temp\JET86AF.tmp not found!
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\XUL.mfl moved successfully.
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_288.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat moved successfully.

    Registry entries deleted on Reboot...
     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: Access to host file is denied

    Hi sansa,
    Yep, that means that any bad site added to the list will now be directed back to your own system .... meaning you can't access it.

    The hosts file may well have been altered by some malware, but you may have removed this malware by using ComboFix or some other program.
    But after the malware was removed, the file needed resetting.... which we have now done.

    Ok, let me have a new OTL scan report, using the following instructions and we'll sort those entries out.

    Double click on OTL.exe to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

    Thanks.
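The check discussed in the two posts above (after a reset, the hosts file should hold only the localhost line) can be automated. This is an added example, not part of the original thread and not OTL's code; the vendor suffix list and both sample files are constructed for illustration.

```python
"""Audit the text of a Windows hosts file for signs of tampering."""
import ipaddress
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the hosts file
    address: str   # address field as written
    host: str      # hostname mapped to that address ("" if malformed)
    verdict: str   # default | sinkhole | blocks-security-site | redirect | malformed


# Assumption: illustrative suffixes for security products named in the thread.
SECURITY_SUFFIXES = ("avast.com", "malwarebytes.org", "superantispyware.com")

# Constructed sample: the reset file as reported in the thread.
CLEAN_SAMPLE = "127.0.0.1 localhost\n"

# Constructed sample of a tampered file (addresses from documentation ranges).
TAMPERED_SAMPLE = "\n".join([
    "# Constructed sample for this example",
    "127.0.0.1       localhost",
    "127.0.0.1       www.avast.com download.avast.com  # pinned to loopback",
    "203.0.113.10    www.example.com",
    "0.0.0.0         ads.example.net",
    "not-an-ip       broken.example",
])


def _is_local(addr):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified


def _matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit_hosts(text, security_suffixes=SECURITY_SUFFIXES):
    """Return one Finding per hostname entry (or per malformed line)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(Finding(line_no, fields[0], "", "malformed"))
            continue
        if len(fields) == 1:                   # address with no hostname
            findings.append(Finding(line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if not _is_local(addr):
                # Name pinned to a fixed remote address, bypassing DNS.
                verdict = "redirect"
            elif host == "localhost":
                verdict = "default"
            elif _matches(host, security_suffixes):
                # Security vendor site made unreachable from this machine.
                verdict = "blocks-security-site"
            else:
                # Site pointed back at the local machine (blocklist entry).
                verdict = "sinkhole"
            findings.append(Finding(line_no, fields[0], host, verdict))
    return findings


def is_default(text):
    """True only if the file has entries and all are localhost loopback."""
    findings = audit_hosts(text)
    return bool(findings) and all(f.verdict == "default" for f in findings)


def suspicious(text):
    """Entries worth a closer look: redirects, blocked vendors, bad lines."""
    flagged = {"redirect", "blocks-security-site", "malformed"}
    return [f for f in audit_hosts(text) if f.verdict in flagged]


if __name__ == "__main__":
    print("clean file is default:", is_default(CLEAN_SAMPLE))
    for f in suspicious(TAMPERED_SAMPLE):
        print(f"line {f.line_no}: {f.address} {f.host} -> {f.verdict}")
```

An empty or missing file is reported as not default, which matches the state described before the reset, when only hosts.new existed.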
     
  9. sansa

    sansa Guest

    Re: Access to host file is denied

    OTL logfile created on: 10/9/2009 3:43:01 PM - Run 2
    OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Iannetti Family\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.09 Mb Total Physical Memory | 557.89 Mb Available Physical Memory | 54.58% Memory free
    2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.84% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.08 Gb Total Space | 123.28 Gb Free Space | 85.56% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DHZ99Q81
    Current User Name: Iannetti Family
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe (Authentium, Inc.)
    PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe (Musicmatch, Inc.)
    PRC - C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
    PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe ()
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe (Musicmatch, Inc.)
    PRC - C:\Program Files\Sierra\Planner\PLNRnote.exe (Sierra Online)
    PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\Iannetti Family\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
    SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (dlbu_device [Disabled | Stopped]) -- C:\WINDOWS\System32\dlbucoms.exe (Dell)
    SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (dvpapi [Auto | Running]) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe (Authentium, Inc.)
    SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
    SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
    SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
    SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (RPSUpdaterR [On_Demand | Stopped]) -- C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (Radialpoint Inc.)
    SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\css-dvp.sys (Authentium, Inc.)
    DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
    DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
    DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys (Intel Corporation)
    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\grmnusb.sys (GARMIN Corp.)
    DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (iastor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
    DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
    DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

    FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 21:08:59 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/05 12:01:14 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 13:55:51 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/06 13:55:43 | 00,000,000 | ---D | M]

    [2009/10/06 13:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Extensions
    [2009/10/06 13:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/10/08 17:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Firefox\Profiles\u6mo4cmj.default\extensions
    [2009/10/06 14:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Iannetti Family\Application Data\mozilla\Firefox\Profiles\u6mo4cmj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/10/06 13:55:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/10/06 13:55:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
    O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
    O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
    O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe (Sierra Online)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
    O4 - Startup: C:\Documents and Settings\Iannetti Family\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Iannetti Family\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
    O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: widener.edu ([alias] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Java Plug-in Technology (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/19 17:07:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/10/05 09:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/10/05 10:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/10/05 18:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\Foxit
    [2009/10/05 09:40:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\Malwarebytes
    [2009/10/06 13:55:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\Mozilla
    [2009/10/05 10:26:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Application Data\SUPERAntiSpyware.com
    [2009/10/06 13:55:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla
    [2009/10/05 10:26:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/10/05 18:23:23 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2009/10/05 09:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/06 13:55:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2009/10/05 10:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/10/08 17:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/10/09 15:00:45 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/10/08 17:47:20 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\OTL.exe
    [2009/10/08 17:36:50 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\TFC.exe
    [2009/10/08 17:34:13 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Iannetti Family\Desktop\HJTInstall.exe
    [2009/10/08 17:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Iannetti Family\My Documents\Downloads
    [2009/10/05 18:28:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2009/10/05 16:22:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/10/05 16:14:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/10/05 16:14:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/10/05 16:14:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/10/05 16:14:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/10/05 16:14:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/10/05 16:14:09 | 00,000,000 | ---D | C] -- C:\ComboFix
    [2009/10/05 16:12:48 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/10/05 12:01:29 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/10/05 12:01:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/10/05 12:01:29 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/10/05 12:01:29 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/10/05 09:40:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/10/05 09:39:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/10/05 09:15:03 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
    [2009/10/05 09:14:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2009/09/10 01:00:49 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

    ========== Files - Modified Within 30 Days ==========

    [2009/10/09 15:02:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/10/09 15:02:16 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2009/10/09 15:01:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/10/09 15:01:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/10/09 15:01:49 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/09 15:00:53 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2009/10/08 17:47:20 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\OTL.exe
    [2009/10/08 17:46:52 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Iannetti Family\Desktop\settings.dat
    [2009/10/08 17:36:51 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Iannetti Family\Desktop\TFC.exe
    [2009/10/08 17:35:10 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Iannetti Family\Desktop\HijackThis.lnk
    [2009/10/08 17:34:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Iannetti Family\Desktop\HJTInstall.exe
    [2009/10/08 17:13:02 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2009/10/06 15:02:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/10/06 15:02:24 | 00,058,636 | ---- | M] () -- C:\Documents and Settings\Iannetti Family\Application Data\wklnhst.dat
    [2009/10/06 14:10:00 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/10/06 14:10:00 | 00,000,279 | RHS- | M] () -- C:\boot.ini
    [2009/10/06 14:10:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/10/06 13:55:47 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2009/10/06 10:20:28 | 04,321,872 | -H-- | M] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\IconCache.db
    [2009/10/05 15:36:09 | 00,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/10/05 15:36:08 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\C964020326.sys
    [2009/10/05 13:03:30 | 00,000,209 | ---- | M] () -- C:\Boot.bak
    [2009/10/05 12:01:13 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/10/05 12:01:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/10/05 12:01:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/10/05 12:01:13 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/10/05 12:01:12 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2009/10/05 10:26:22 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/10/05 09:39:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/09/21 14:55:22 | 00,001,825 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/09/10 01:19:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files - No Company Name ==========
    [2009/10/08 17:43:06 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Desktop\settings.dat
    [2009/10/08 17:35:10 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Desktop\HijackThis.lnk
    [2009/10/08 17:31:39 | 10,718,12608 | -HS- | C] () -- C:\hiberfil.sys
    [2009/10/06 13:55:47 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2009/10/05 16:22:19 | 00,000,209 | ---- | C] () -- C:\Boot.bak
    [2009/10/05 16:22:14 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/10/05 16:14:16 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/10/05 16:14:16 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/10/05 16:14:16 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/10/05 16:14:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/10/05 10:26:22 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/10/05 09:39:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2008/09/12 01:50:23 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2007/01/03 20:07:58 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/12/26 21:02:15 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/20 23:04:05 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/06/16 01:00:18 | 00,000,004 | ---- | C] () -- C:\WINDOWS\todo.sys
    [2006/06/09 00:02:03 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/04/11 00:09:50 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C964020326.sys
    [2006/01/11 21:15:58 | 00,101,920 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\GDIPFONTCACHEV1.DAT
    [2005/12/15 22:56:10 | 00,000,111 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2005/12/15 22:56:09 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2005/12/15 22:56:09 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2005/11/02 22:48:52 | 00,001,825 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2005/11/02 22:32:09 | 00,101,920 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2005/11/02 22:29:27 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\26030264C9.sys
    [2005/11/02 22:29:26 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2005/11/02 00:35:09 | 00,058,636 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\wklnhst.dat
    [2005/11/02 00:25:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Iannetti Family\Application Data\desktop.ini
    [2005/11/02 00:25:32 | 04,321,872 | -H-- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\IconCache.db
    [2005/11/02 00:25:32 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\fusioncache.dat
    [2005/10/27 08:25:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/10/27 08:18:52 | 00,000,334 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/10/27 08:16:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/10/27 07:48:22 | 00,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/05/12 08:25:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/04/15 06:22:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsr.dll
    [2005/04/15 06:22:20 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
    [2005/04/15 06:22:02 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
    [2005/04/15 06:14:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
    [2005/04/15 06:14:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
    [2005/04/15 06:14:40 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbuins.dll
    [2005/04/15 06:13:42 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
    [2005/04/15 05:59:46 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
    [2005/04/12 22:20:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
    [2005/04/12 22:19:58 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
    [2005/02/23 22:12:10 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
    [2004/08/19 17:20:39 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/19 17:01:43 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/19 16:57:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2004/08/19 16:49:59 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
    [2004/08/19 16:49:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
  10. sansa

    sansa Guest

    Re: Access to host file is denied

    OTL Extras logfile created on: 10/9/2009 3:43:01 PM - Run 2
    OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Iannetti Family\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.09 Mb Total Physical Memory | 557.89 Mb Available Physical Memory | 54.58% Memory free
    2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.84% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.08 Gb Total Space | 123.28 Gb Free Space | 85.56% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DHZ99Q81
    Current User Name: Iannetti Family
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
    "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111167660}" = Star Defender II
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}" = Garmin City Navigator North America NT 2009 Update
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A2713384-7398-43E9-9D43-565B3A7FEFEE}" = Security Advisor
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{ABEB838C-A1A7-4C5D-B7E1-8B4314600155}" = MSN Messenger 6.1
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{B1182355-1464-4B43-8986-031A86808495}" = Event Planner
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B522244B-206F-4793-AC4A-AD38B2B93358}" = American Tradition® Signature™ Colors Virtual Painter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
    "{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ATI Display Driver" = ATI Display Driver
    "avast!" = avast! Antivirus
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
    "ESPNMotion" = ESPNMotion
    "Foxit Reader" = Foxit Reader
    "Google Updater" = Google Updater
    "Hallmark Card Studio 2003" = Hallmark Card Studio 2003
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2005b" = Microsoft Money 2005
    "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PictureItPrem_v10" = Microsoft Picture It! Premium 10
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.22
    "RealPlayer 6.0" = RealPlayer Basic
    "Registry Mechanic_is1" = Registry Mechanic 7.0
    "RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "Shockwave" = Shockwave
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Verizon Help and Support" = Verizon Help and Support Tool
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "WIC" = Windows Imaging Component
    "WildTangent CDA" = WildTangent Web Driver
    "WildTangent dell Master Uninstall" = Dell Games
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Works2005Setup" = Microsoft Works 2005 Setup Launcher

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/29/2009 5:55:39 PM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1001
    Description = Fault bucket 735639368.

    Error - 8/29/2009 6:11:19 PM | Computer Name = DHZ99Q81 | Source = SonicMCEBurnEngine | ID = 0
    Description = Exception occurred: excp'n type: Microsoft.MediaCenter.AddIn.DiscWriter.NoMediaListMakerException

    excp'n msg: CanProceed found no media No stack trace available.

    Error - 8/29/2009 6:14:52 PM | Computer Name = DHZ99Q81 | Source = Application Error | ID = 1000
    Description = Faulting application ehshell.exe, version 5.1.2700.2230, faulting
    module clvsd.ax, version 6.0.0.818, fault address 0x0004eb5a.

    Error - 8/29/2009 6:15:02 PM | Computer Name = DHZ99Q81 | Source = Application Error | ID = 1001
    Description = Fault bucket 212994964.

    Error - 8/29/2009 9:26:44 PM | Computer Name = DHZ99Q81 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module msneie.dll, version 3.0.988.2, fault address 0x00012c4d.

    Error - 10/5/2009 11:32:33 AM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/5/2009 11:48:14 AM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/5/2009 12:04:06 PM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/5/2009 12:04:10 PM | Computer Name = DHZ99Q81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/6/2009 3:02:02 PM | Computer Name = DHZ99Q81 | Source = Microsoft Office 10 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Word.

    [ System Events ]
    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The dvpapi service terminated unexpectedly. It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The McciCMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Media Center Scheduler Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/8/2009 5:37:22 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/8/2009 5:37:23 PM | Computer Name = DHZ99Q81 | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >
     
  11. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: Access to host file is denied

    Hi sansa

    Thanks for the quick replies.... it does make a difference.
    I know it's Friday night, but let's get you working. :)

    Step 1
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :otl
    PRC - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe (Authentium, Inc.)
    SRV - (dvpapi [Auto | Running]) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe (Authentium, Inc.)
    DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\css-dvp.sys (Authentium, Inc.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    
    :files
    C:\Program Files\Common Files\Authentium
    
    :commands
    [emptytemp]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 2
    Optional
    Ultimately nothing really needs to be in the 'trusted zones' ...015 lines.
    If you do trust them, ok.
    But if you want to remove them........

    Download: DelDomains.inf
    You will need to use Internet Explorer for this.
    Locate DelDomains.inf right-click and select: Install
    Note: you will not see any on-screen action ...
    This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones.

    Note once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplied.

    Step 3
    Let's double check everything:

    Please run a BitDefender Online Scan
    • Click I Agree to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click Click here to scan to begin the scan.
    • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
    • When the scan is finished, click on Click here to export the scan results.
    • Save the report to your desktop so you can post it in your next reply.
    Note: You will need to use Internet Explorer for this scan.

    In your next reply, please submit:
    OTL report that comes up after the fix.
    BitDefender scan report


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
  12. sansa

    sansa Guest

    Re: Access to host file is denied

    All processes killed
    ========== OTL ==========
    Process dvpapi.exe killed successfully!
    Service\Driver dvpapi stopped successfully.
    Service\Driver dvpapi deleted successfully.
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe moved successfully.
    Service\Driver CSS DVP stopped successfully.
    Service\Driver CSS DVP deleted successfully.
    C:\WINDOWS\System32\DRIVERS\css-dvp.sys moved successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    ========== FILES ==========
    C:\Program Files\Common Files\Authentium\AntiVirus moved successfully.
    C:\Program Files\Common Files\Authentium moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Iannetti Family
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Temp\etilqs_78mJXrP0X2bx3QATBGf8 scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Temp\JETD6DE.tmp scheduled to be deleted on reboot.
    ->Temp folder emptied: 159361 bytes
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 242153 bytes
    ->Java cache emptied: 0 bytes
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    ->FireFox cache emptied: 31475041 bytes

    User: LocalService
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 66016 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_254.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 33432 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 30.53 mb


    OTL by OldTimer - Version 3.0.18.4 log created on 10092009_163055

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Iannetti Family\Local Settings\Temp\etilqs_78mJXrP0X2bx3QATBGf8 not found!
    File\Folder C:\Documents and Settings\Iannetti Family\Local Settings\Temp\JETD6DE.tmp not found!
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Iannetti Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6mo4cmj.default\urlclassifier3.sqlite moved successfully.
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_254.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat moved successfully.

    Registry entries deleted on Reboot...
     
  13. sansa

    sansa Guest

    Re: Access to host file is denied

    Drat, the BitDefender scan isn't working. I accept the terms and get the windows to install the ActiveX and click here to do that. It seems to time out and gets an error message DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience.

    I tried twice and I'll try again. I'm using Internet Explorer 8.
     
  14. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: Access to host file is denied

    Sometimes these online scanners can be a pain (but they are well worth it).
    If you are having problems with the BitDefender online scan, feel free to try:

    Please do an online scan with Kaspersky WebScanner.
    Notes
    Java must be installed and enabled for the scan to work.
    Disable your computer's antivirus program, as leaving it active will cause conflicts.
    • Close ALL programs and windows except for your browser
      Please go to Online Kaspersky Scan and perform an online antivirus scan.
    • Read through the Requirements and limitations statement and click on the Accept button.
    • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
    • When the downloads have finished, the scrolling window will show 'Database is updated. Ready to scan'. Click on the Settings button at the bottom left.
    • Make sure these boxes are checked/ticked. If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan on the left. OK any warnings from your protection programs.
    • Go for a long walk. Please be patient and let the scanner finish. It is better that you do NOT use the computer while the scan is running. Keep all other programs/windows closed.
    • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
    • Click on Save Report As... and change the Files of type to Text file (.txt)
    • Name the file KAVScan-ddmmyy before clicking on the Save button. Save the report to a convenient place - for example the Desktop.
    • Please post this log in your next reply.
    Note - enable your antivirus program before browsing away from the Kaspersky site.

    Go to the Desktop and double-click on the Kaspersky report KAVScan-ddmmyy.txt, it will open in Notepad
    Click Edit > Select all then Edit > Copy
    Reply to this thread and paste (Ctrl+V) the report.

    Either will do the job
     
  15. sansa

    sansa Guest

    Re: Access to host file is denied

    I'm downloading the Kaspersky files now. With BitDefender, I tried 4 times and rebooted between each try. It just wasn't working. Maybe the Kaspersky will work.
     
  16. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: Access to host file is denied

    Ok, remember if you run Kaspersky, stop the bitdefender scan.... they will conflict.
     
  17. sansa

    sansa Guest

    Re: Access to host file is denied

    That was a nice long and needed walk.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, October 9, 2009
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, October 09, 2009 19:14:35
    Records in database: 2942671
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 84968
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:41:10

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  18. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: Access to host file is denied

    Anything to oblige.

    Things are looking good now, if you have no further problems, we'll finish off.
     
    Last edited by a moderator: Feb 2, 2014
  19. sansa

    sansa Guest

    Re: Access to host file is denied

    It's working well. Never got the BitDefender site to work. Found a new issue, and this may be with this site only, and it just started now, or maybe it started because I'm using IE 8 now to access the site. I had been using Firefox.

    I would log in and then I'd have to log in again. And then it was loading the page and then reloading the page, and it kept repeating until I logged in and checked the remember me box.

    Other than that everything is fine.
     
  20. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: Access to host file is denied

    Hi sansa

    I'm glad everything's running ok now.

    Let's finish off the cleaning process.

    Step 1
    • Please double-click OTL.exe to run it.
    • You should see a CleanUp! button. Press that button.
    • This will remove any programs we have asked you to download along with their associated folders, plus itself.

    Note:
    MBAM will not be removed

    Step 2
    Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Select the drive for cleaning then click OK (usually 'C' drive)
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    To find out how you may have been infected....read this topic:
    So how did i get infected?

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    • Use an AntiVirus Software
      Note*:
      Upon installation MS Security Essentials will check that your OS is a legal copy.

      Only install one AntiVirus program
    • Update your AntiVirus Software regularly

    • Use a 3rd party Firewall
      NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

      Only install one software Firewall

    • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
      Installing another scanner that you can run once or twice a week is always beneficial.
      Something like:
      Malwarebytes Anti-Malware
      SUPERAntiSpyware
      Remember to update these programs each time before running.
      You can install more than one of these if you only run them as stand alone programs.

    • Use an alternative browser:
      Some excellent alternatives to MS Internet Explorer are:

      Firefox
      For added security, add the NoScript extension to this browser:
      Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

      Opera

      They offer better security, more stability, and better speed.

    • Keep your system clean of temp files etc, using a 'Cleaner':

      Cleaners are programs that will help to clean out your:
      Windows temp files
      Current user temp files
      Cookies
      Temporary Internet files
      Browser history
      Recycle bin
      Etc.......
      In other words... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.
      Programs like:
      CCleaner
      TFC by OldTimer
      ATF Cleaner

    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:
      Using and installing SpywareBlaster

    • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    Glad I was able to help.
     
