Cannot do google search or any web searches

November 15, 2009 at 08:49:02
Specs: Windows XP 2002 sp3

Hello, I cannot do a Google search or any other web searches. If I go to Google.com my computer just keeps loading. If I am on a website (mapquest, oprah.com - even Computing.net) I cannot do a search, it just keeps "searching".
My Malwarebytes detects nothing. Can you help?
Thanks
DR



#1
November 15, 2009 at 10:04:27

Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply.



#2
November 15, 2009 at 10:30:42

Starting up...
Running from C:\Documents and Setting\owner\my documents\downloads\win32kDiag.exe
Log File at: C:\Documents and Setting\owner\desktop\win32kdiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\windows' ...
Finished! Press any key to exit...


#3
November 15, 2009 at 10:35:08

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-15 13:36:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 452 GB (95%) free of 477 GB
Total RAM: 502 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:48 PM, on 11/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6177 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BBD5C937-822B-4352-A140-297611B49275}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-28 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"DLCJCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16 []
"dlcjmon.exe"=C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe [2005-08-12 430080]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 964\memcard.exe [2005-08-10 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-11 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a265102-9ed2-11de-ac19-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe
shell\readme\command - notepad readme.txt
shell\Setup\command - D:\install.exe


======List of files/folders created in the last 1 months======

2009-11-15 13:36:20 ----D---- C:\Program Files\trend micro
2009-11-15 13:36:16 ----D---- C:\rsit
2009-11-12 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-05 12:48:49 ----D---- C:\WINDOWS\Minidump
2009-11-05 12:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
2009-11-05 12:46:56 ----A---- C:\WINDOWS\ka.ini
2009-11-05 12:45:39 ----D---- C:\Program Files\Common Files\Vivendi Universal Games
2009-11-05 12:45:39 ----D---- C:\Program Files\Barbie(TM)
2009-10-28 18:48:09 ----D---- C:\Program Files\CyberDefender

======List of files/folders modified in the last 1 months======

2009-11-15 13:36:20 ----RD---- C:\Program Files
2009-11-15 13:36:11 ----D---- C:\WINDOWS\Prefetch
2009-11-15 12:34:33 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-11-15 12:15:29 ----D---- C:\Program Files\Mozilla Firefox
2009-11-15 00:09:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-12 16:24:30 ----D---- C:\WINDOWS\Temp
2009-11-12 16:24:30 ----D---- C:\Program Files\Dl_cats
2009-11-12 03:17:24 ----D---- C:\WINDOWS\Registration
2009-11-12 03:17:24 ----D---- C:\WINDOWS
2009-11-12 03:17:06 ----D---- C:\WINDOWS\system32
2009-11-12 03:00:34 ----HD---- C:\WINDOWS\inf
2009-11-12 03:00:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-12 03:00:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-11 07:02:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-10 10:37:05 ----D---- C:\WINDOWS\system32\config
2009-11-10 10:36:57 ----D---- C:\WINDOWS\system32\wbem
2009-11-05 12:53:28 ----D---- C:\WINDOWS\pchealth
2009-11-05 12:45:39 ----D---- C:\Program Files\Common Files
2009-11-05 12:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-05 03:19:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-05 03:00:34 ----A---- C:\WINDOWS\imsins.BAK
2009-10-28 19:23:45 ----D---- C:\WINDOWS\system32\drivers
2009-10-28 19:23:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-28 19:22:16 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-28 18:48:25 ----A---- C:\WINDOWS\win.ini
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-15 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-11 153376]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 dlcj_device;dlcj_device; C:\WINDOWS\system32\dlcjcoms.exe [2005-07-12 491520]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 182768]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-03-15 38912]

-----------------EOF-----------------



#4
November 15, 2009 at 10:38:48

info.txt logfile of random's system information tool 1.06 2009-11-15 13:36:51

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Barbie(TM) Fashion Show(TM) CD-ROM-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\FashionUn.exe
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Photo AIO Printer 964-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcjUNST.EXE -NOLICENSE
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org 3.1-->MsiExec.exe /I{A16B3EA2-8798-4960-8D8B-18D3149AD617}
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

64.86.16.97 www.google.com.by
64.86.16.97 www.google.com.bz
64.86.16.97 www.google.com.cu
64.86.16.97 www.google.com.ec
64.86.16.97 www.google.com.fj
64.86.16.97 google.com
64.86.16.97 www.google.com
64.86.16.97 bing.com
64.86.16.97 www.bing.com
64.86.16.97 search.yahoo.com
64.86.16.97 www.search.yahoo.com
64.86.16.97 search.live.com
64.86.16.97 search.msn.com


======System event log======

Computer Name: OWNER-XP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001320D6CE3E. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 390
Source Name: Dhcp
Time Written: 20090919045525.000000-240
Event Type: warning
User:

Computer Name: OWNER-XP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001320D6CE3E. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 389
Source Name: Dhcp
Time Written: 20090919024017.000000-240
Event Type: warning
User:

Computer Name: OWNER-XP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001320D6CE3E. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 388
Source Name: Dhcp
Time Written: 20090918221004.000000-240
Event Type: warning
User:

Computer Name: OWNER-XP
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 381
Source Name: W32Time
Time Written: 20090916234859.000000-240
Event Type: warning
User:

Computer Name: OWNER-XP
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 346
Source Name: W32Time
Time Written: 20090912072735.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: OWNER-XP
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 26
Source Name: WinMgmt
Time Written: 20090911142900.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-XP
Event Code: 1031
Message:
Record Number: 15
Source Name: ASP.NET 1.0.3705.6018
Time Written: 20090911142525.000000-240
Event Type: error
User:

Computer Name: OWNER-XP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20090911142511.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-XP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20090911142511.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-XP
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20090911142509.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Report •

#5
November 15, 2009 at 14:23:45

Please download HostsXpert from the following link:

HostsXpert

Extract the HostsXpert.zip by doing the following:
1. Right-click HostsXpert.zip and select extract all – Follow the wizard and extract it to your Desktop
2. Click Finish.
3. Double-click the HostsXpert folder and then double-click HostsXpert.exe.
4. Click “Restore MS Hosts File” and press OK.
5. Exit the program.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •
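The hosts-file check that motivates the "Restore MS Hosts File" step above, as an added example (not part of the original thread, and not code from HostsXpert, OTL or RSIT). It parses both raw hosts lines and OTL's "O1 - Hosts:" lines and groups public-IP overrides by address; the function names are hypothetical, and the sample is excerpted from the logs in this thread plus two constructed lines.

```python
import ipaddress
import re

# Excerpt of hosts entries from the logs in this thread (OTL "O1 - Hosts:"
# lines and raw hosts lines), plus two lines constructed for this example.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 64.86.16.97 google.ae
O1 - Hosts: 64.86.16.97 google.com.hk
O1 - Hosts: 194 more lines...
64.86.16.97 www.bing.com
64.86.16.97 search.yahoo.com
# constructed: a comment line
192.168.1.10 printer.lan   # constructed: benign LAN entry
"""

OTL_PREFIX = re.compile(r"^O1 - Hosts:\s*")

# Search-engine names of the kind seen in this thread's hosts file:
# google.<tld>, google.co.<tld>, google.com.<tld>, bing.com, search.*.com
SEARCH_HOST = re.compile(
    r"(www\.)?(google(\.[a-z]{2,3}){1,2}|bing\.com|search\.(yahoo|live|msn)\.com)"
)


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text or OTL O1 lines."""
    entries = []
    for raw in text.splitlines():
        line = OTL_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0]          # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            # Not a hosts entry, e.g. OTL's "194 more lines..." truncation.
            continue
        for name in fields[1:]:               # one line may carry aliases
            entries.append((ip, name.lower()))
    return entries


def audit(entries):
    """Group names pinned to public IPs; such entries override DNS.

    Loopback, 0.0.0.0 and private-range entries are skipped here and
    should be reviewed separately.
    """
    report = {}
    for ip, name in entries:
        if ip.is_loopback or ip.is_unspecified or ip.is_private:
            continue
        item = report.setdefault(str(ip), {"names": [], "search_names": []})
        item["names"].append(name)
        if SEARCH_HOST.fullmatch(name):
            item["search_names"].append(name)
    return report


def search_redirect_ips(report):
    """IPs that at least one search-engine hostname has been pinned to."""
    return sorted(ip for ip, item in report.items() if item["search_names"])


if __name__ == "__main__":
    result = audit(parse_hosts(SAMPLE_LOG))
    for ip, item in result.items():
        print(ip, len(item["names"]), "names,",
              len(item["search_names"]), "search-engine names")
    print("search redirect IPs:", search_redirect_ips(result))
```

Run it against a copy of `C:\WINDOWS\system32\drivers\etc\hosts` (the path shown in the OTL log) by passing the file's text to `parse_hosts`.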

#6
November 15, 2009 at 15:34:24

How do I temporarily disconnect MalwareBytes?

Report •

#7
November 15, 2009 at 15:54:28

Ok- I just disconnected Malwarebytes altogether (will reinstall another time)
I ran Combo-fix.exe and I get a date error:2009-11-15

Report •

#8
November 15, 2009 at 15:54:58

No need to do anything to malwarebytes, it's a removal tool, not an anti-spyware tool or antivirus.

Is Trend Micro your antivirus? If so it needs to be disabled, if not you need an antivirus program.


Report •

#9
November 15, 2009 at 16:02:48

Ok- I will work on getting an Antivirus program after we fix this problem - currently only use Malwarebytes ( and now it is disabled)
How do I proceed?

Report •

#10
November 15, 2009 at 16:08:58

Just as it says in response #5.

Report •

#11
November 15, 2009 at 16:09:25

I just did a computer search for Trend Micro on my hard drive and found 3 files - I clicked on them and each led me to Hijackthis (created 11/15/09 at 1:36pm) - I don't know what this is or why it is on my computer

Report •

#12
November 15, 2009 at 16:10:14

I ran Combo-fix.exe and I get a date error:2009-11-15

Report •

#13
November 15, 2009 at 16:54:21

That is a Subs is ticked off error, the author. Looks like he has pulled it from public use for now.

Please download OTL from following site:

Link1

1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Click the “scan all users” checkbox.
4. Push the “run scan” button.
5. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


Report •

#14
November 15, 2009 at 17:01:05

OTL logfile created on: 11/15/2009 8:01:50 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 186.58 Mb Available Physical Memory | 37.16% Memory free
1.20 Gb Paging File | 0.94 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 440.96 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-XP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/11 13:46:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/11 15:01:04 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/11 14:59:43 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/09/11 14:59:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/11 14:59:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/19 08:52:06 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 08:52:04 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/05/19 00:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 19:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/23 19:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/23 19:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/08/12 15:47:14 | 00,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/08/10 09:12:14 | 00,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2004/08/10 03:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/08/10 03:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehRecvr.exe
PRC - [2004/08/10 03:04:36 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/09/11 15:01:03 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/11 14:59:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/15 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2004/08/10 03:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehRecvr.exe -- (ehRecvr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/23 19:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/03/15 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/11/16 14:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/10/14 15:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2004/08/10 02:39:56 | 00,019,840 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/03 21:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/11/17 14:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:11:18 | 00,020,160 | ---- | M] (ADMtek Incorporated) -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC17...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\S-1-5-21-1644491937-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/11 14:59:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/11 18:52:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 13:46:38 | 00,000,000 | ---D | M]

[2009/09/14 08:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/14 08:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/14 22:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\extensions
[2009/09/26 17:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/09/26 17:40:29 | 00,004,212 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\searchplugins\aim-search.xml
[2009/09/14 08:15:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 13:46:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/11 13:46:27 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/11 13:46:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/11/11 13:46:33 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/11/11 13:46:34 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/11 13:46:34 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/11 13:46:34 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/11 13:46:34 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/11 13:46:34 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/05 17:02:14 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
[2009/11/11 13:46:34 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/11 13:46:34 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (6467 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 64.86.16.97 google.ae
O1 - Hosts: 64.86.16.97 google.as
O1 - Hosts: 64.86.16.97 google.at
O1 - Hosts: 64.86.16.97 google.az
O1 - Hosts: 64.86.16.97 google.ba
O1 - Hosts: 64.86.16.97 google.be
O1 - Hosts: 64.86.16.97 google.bg
O1 - Hosts: 64.86.16.97 google.bs
O1 - Hosts: 64.86.16.97 google.ca
O1 - Hosts: 64.86.16.97 google.cd
O1 - Hosts: 64.86.16.97 google.com.gh
O1 - Hosts: 64.86.16.97 google.com.hk
O1 - Hosts: 194 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1644491937-162531612-725345543-1003..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1644491937-162531612-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1644491937-162531612-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microso... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get... (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/11 13:29:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\Setup\command - "" = D:\install.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/11/15 20:01:27 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/15 20:00:20 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/11/15 18:27:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/15 18:26:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/15 18:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2009/11/15 18:10:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/11/15 18:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/15 18:10:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/11/15 13:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/11/15 13:36:16 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/05 12:48:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/11/05 12:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2009/11/05 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Vivendi Universal Games
[2009/11/05 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Barbie(TM)
[2009/10/28 18:48:09 | 00,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/15 19:54:58 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBD5C937-822B-4352-A140-297611B49275}.job
[2009/11/15 19:47:22 | 03,560,622 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/11/15 18:45:35 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 18:45:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/15 18:45:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/15 18:45:18 | 01,572,864 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/11/15 18:44:55 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/15 18:44:49 | 06,414,746 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/15 18:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/12 03:17:08 | 00,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 20:34:10 | 00,021,404 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\social sutdieeees.odt
[2009/11/06 10:16:40 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.doc
[2009/11/06 10:14:59 | 00,047,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.odt
[2009/11/05 12:46:56 | 00,000,119 | ---- | M] () -- C:\WINDOWS\ka.ini
[2009/11/05 12:46:55 | 00,001,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barbie(TM) Fashion Show(TM) CD-ROM.lnk
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 10:48:40 | 00,175,940 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\little lost lady.rtf
[2009/11/05 03:19:14 | 00,414,658 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 03:19:14 | 00,363,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/05 03:19:14 | 00,045,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/05 03:00:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 18:43:49 | 00,721,284 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\demi and nikki.rtf
[2009/10/28 20:12:48 | 00,015,984 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\science project.odt
[2009/10/28 18:48:25 | 00,000,544 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/28 18:48:14 | 00,000,222 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\PC Support.url
[2009/10/26 21:26:38 | 00,015,659 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sentences2.odt
[2009/10/26 20:53:14 | 00,019,630 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sentences.odt
[2009/10/26 19:53:36 | 00,014,999 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tally.odt
[2009/10/24 21:23:10 | 00,021,921 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1 oral reppppport.odt
[2009/10/24 16:58:31 | 00,043,252 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1.odt
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 19:54:25 | 00,007,420 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\chart.ods
[2009/10/21 15:18:34 | 00,012,405 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\grades.odt
[2009/10/19 18:02:19 | 04,084,162 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\miley nikki.rtf
[2009/10/18 16:58:01 | 00,934,672 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\b n.rtf
[2009/10/18 14:12:39 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AVON labels.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/11/15 19:47:21 | 03,560,622 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/11/06 10:14:58 | 00,047,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.odt
[2009/11/06 03:58:47 | 01,572,864 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/11/05 12:46:56 | 00,000,119 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/11/05 12:46:55 | 00,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barbie(TM) Fashion Show(TM) CD-ROM.lnk
[2009/11/05 10:48:40 | 00,175,940 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\little lost lady.rtf
[2009/11/01 19:57:18 | 00,721,284 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\demi and nikki.rtf
[2009/10/28 18:48:14 | 00,000,222 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\PC Support.url
[2009/10/27 18:26:30 | 00,015,984 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\science project.odt
[2009/10/26 21:26:37 | 00,015,659 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sentences2.odt
[2009/10/26 20:53:14 | 00,019,630 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sentences.odt
[2009/10/26 19:53:26 | 00,014,999 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tally.odt
[2009/10/24 21:23:09 | 00,021,921 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1 oral reppppport.odt
[2009/10/24 16:58:28 | 00,043,252 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1.odt
[2009/10/21 19:54:23 | 00,007,420 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\chart.ods
[2009/10/21 15:18:33 | 00,012,405 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\grades.odt
[2009/10/19 18:02:18 | 04,084,162 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\miley nikki.rtf
[2009/10/18 16:58:01 | 00,934,672 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\b n.rtf
[2009/10/03 17:18:41 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/09/20 20:06:29 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2009/09/20 20:05:10 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2009/09/20 20:05:10 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2009/09/20 20:05:10 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2009/09/20 20:05:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2009/09/20 20:05:10 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2009/09/20 20:05:09 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2009/09/20 20:05:09 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2009/09/20 20:05:09 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2009/09/20 20:05:08 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2009/09/20 20:05:08 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2009/09/20 20:05:04 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2009/09/20 20:05:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2009/09/20 20:05:04 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2009/09/20 20:05:04 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2009/09/20 20:05:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2009/09/20 20:05:03 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2009/09/20 20:05:03 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2009/09/20 20:05:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2009/09/19 10:10:33 | 00,018,056 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/11 14:13:27 | 06,414,746 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/11 13:44:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2009/09/11 08:05:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/03/15 07:00:00 | 00,000,544 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/15 07:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2009/09/11 15:45:01 | 00,179,200 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\3?MLB&NFL??????.xls) -- C:\Documents and Settings\Owner\My Documents\3日MLB&NFL现货库存清单.xls
[2009/01/02 22:47:55 | 00,179,200 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\3?MLB&NFL??????.xls) -- C:\Documents and Settings\Owner\My Documents\3日MLB&NFL现货库存清单.xls
< End of report >


#15
November 15, 2009 at 17:01:51

OTL Extras logfile created on: 11/15/2009 8:01:50 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 186.58 Mb Available Physical Memory | 37.16% Memory free
1.20 Gb Paging File | 0.94 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 440.96 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-XP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{A16B3EA2-8798-4960-8D8B-18D3149AD617}" = OpenOffice.org 3.1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Barbie(TM) Fashion Show(TM) CD-ROM" = Barbie(TM) Fashion Show(TM) CD-ROM
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PROSet" = Intel(R) PRO Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/28/2009 8:09:35 PM | Computer Name = OWNER-XP | Source = Media Center Scheduler | ID = 0
Description =

Error - 10/28/2009 8:11:36 PM | Computer Name = OWNER-XP | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/5/2009 4:17:53 AM | Computer Name = OWNER-XP | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/5/2009 1:50:09 PM | Computer Name = OWNER-XP | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/5/2009 1:52:27 PM | Computer Name = OWNER-XP | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/5/2009 1:53:33 PM | Computer Name = OWNER-XP | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/6/2009 6:54:00 PM | Computer Name = OWNER-XP | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/10/2009 11:38:48 AM | Computer Name = OWNER-XP | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/10/2009 11:40:06 AM | Computer Name = OWNER-XP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/10/2009 11:40:23 AM | Computer Name = OWNER-XP | Source = Application Error | ID = 1001
Description = Fault bucket 00536409.

[ System Events ]
Error - 11/5/2009 1:50:25 PM | Computer Name = OWNER-XP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/5/2009 1:52:43 PM | Computer Name = OWNER-XP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/6/2009 6:54:16 PM | Computer Name = OWNER-XP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/8/2009 8:39:42 PM | Computer Name = OWNER-XP | Source = Print | ID = 6161
Description = The document mhtml:mid://00000002/ owned by Owner failed to print
on printer Dell Photo AIO Printer 964. Data type: LEMF. Size of the spool file in
bytes: 262692. Number of bytes printed: 262692. Total number of pages in the document:
1. Number of pages printed: 0. Client machine: \\OWNER-XP. Win32 error code returned
by the print processor: 0 (0x0).

Error - 11/10/2009 11:39:07 AM | Computer Name = OWNER-XP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/10/2009 11:40:13 AM | Computer Name = OWNER-XP | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 c021a480, parameter2 00000002, parameter3
00000000, parameter4 8052067d.

Error - 11/10/2009 11:40:50 AM | Computer Name = OWNER-XP | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 82c9c65c, parameter2 00000002, parameter3
00000000, parameter4 8051192f.

Error - 11/10/2009 11:40:52 AM | Computer Name = OWNER-XP | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 806373a1, parameter3
a9c84b0c, parameter4 00000000.

Error - 11/15/2009 7:47:08 PM | Computer Name = OWNER-XP | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 11/15/2009 7:47:08 PM | Computer Name = OWNER-XP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi redbook


< End of report >


#16
November 16, 2009 at 10:39:47

Hey, you've left me hanging.....
What's next?


#17
November 16, 2009 at 14:47:03

I'm researching your logs.


#18
November 16, 2009 at 14:51:10

Thank you - I greatly appreciate all your help


#19
November 16, 2009 at 15:44:04

This should reset your locked permissions in XP Pro.

Please copy the contents between the X's below, open Notepad and paste them there. On the top toolbar in Notepad select File, then Save As.
In the box that opens, type in permR.bat for the file name. Right below that, click the down arrow in the line for Save as and select All Files. Save this to your desktop and close Notepad.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
CACLS "C:\WINDOWS\system32\drivers\etc\Hosts" /P BUILTIN\Users:R "BUILTIN\Power Users:R" "BUILTIN\Administrators:F" "NT AUTHORITY\SYSTEM:F" "OWNER-XP/Owner:F"
CACLS "C:\WINDOWS\system32\drivers\etc\Hosts" >perml.txt&perml.txt&DEL perml.txt

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


Then double-click on permR.bat. The command prompt will pop up and prompt you (y/n)? Press y, then Enter.
A Notepad window will now open; please copy its contents into your next reply.

Next, if you were successful and got the y/n prompt, run HostExpert again and post a new RSIT log.



#20
November 16, 2009 at 16:53:40

Hhhmmmm... Didn't get a y/n prompt - But did get 2 open windows
1st - Perml - NOTEPAD
C:\WINDOWS\system32\drivers\etc\hosts NT AUTHORITY\Authenticated Users:(special access:)

READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_READ_DATA
FILE_READ_EA
FILE_READ_ATTRIBUTES


2nd - C:\windows\system32\cmd.exe window
Black screen - Would you like me to post its contents too?



#21
November 16, 2009 at 17:03:48

Go to Start > Run, then copy and paste the following line into the Run box, then click OK.

cmd /c CACLS "C:\WINDOWS\system32\drivers\etc\Hosts" /P BUILTIN\Users:R

It should prompt you Y/N; press y and Enter.


Next do the same with this command:

cmd /K CACLS "C:\WINDOWS\system32\drivers\etc\Hosts" /E /G "BUILTIN\Power Users:R"

It will not prompt you to press Y/N this time. If it was successful you should get this message: "Processed file C:\WINDOWS\system32\drivers\etc\Hosts"
If not, you will get some other message; let me know what it says.


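The permission check being done by eye in replies #19 to #21, as an added example (not code from the thread or from any tool named in it): it parses `CACLS` display output for the Hosts file and reports when the repair accounts lack Full Control or when an unexpected account can write to the file. The function names `parse_cacls` and `audit_hosts_acl` are hypothetical; `LOCKED_SAMPLE` is the output pasted in reply #20, and `REPAIRED_SAMPLE` is constructed from the ACL that the batch file in reply #19 requests.

```python
import re

HOSTS = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Simple rights letters cacls prints: N(one), R(ead), W(rite), C(hange), F(ull).
WRITE_LETTERS = {"W", "C", "F"}
# Win32 access-right names that permit changing the file or its ACL
# (assumption: cacls lists them under "(special access:)" like the read rights).
WRITE_SPECIALS = {"FILE_GENERIC_WRITE", "FILE_WRITE_DATA", "FILE_APPEND_DATA",
                  "DELETE", "WRITE_DAC", "WRITE_OWNER", "GENERIC_WRITE", "GENERIC_ALL"}
# Built-in accounts that the batch file in reply #19 gives Full Control.
TRUSTED = {r"builtin\administrators", r"nt authority\system"}

# One ACE: "<account>:[(OI)(CI)...]<letter>" or "<account>:(special access:)".
# Deny ACEs are out of scope here: a "(DENY)" line does not match and is skipped.
ACE_RE = re.compile(
    r"^(?P<who>[^:]+):"
    r"(?:\((?:OI|CI|IO|NP|ID)\))*"
    r"(?P<rights>[NRWCF]|\(special access:\))$"
)
RIGHT_NAME_RE = re.compile(r"^[A-Z_]+$")

# Output pasted in reply #20 (indentation already lost in the post).
LOCKED_SAMPLE = r"""
C:\WINDOWS\system32\drivers\etc\hosts NT AUTHORITY\Authenticated Users:(special access:)

READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_READ_DATA
FILE_READ_EA
FILE_READ_ATTRIBUTES
"""

# Constructed sample: the ACL requested by the /P command in reply #19.
REPAIRED_SAMPLE = r"""
C:\WINDOWS\system32\drivers\etc\Hosts BUILTIN\Users:R
                                      BUILTIN\Power Users:R
                                      BUILTIN\Administrators:F
                                      NT AUTHORITY\SYSTEM:F
                                      OWNER-XP\Owner:F
"""


def parse_cacls(text, path=HOSTS):
    """Return {account (lower-cased): set of rights} from cacls display output."""
    acl = {}
    special = None  # rights set being filled for a "(special access:)" entry
    for raw in text.splitlines():
        line = raw.strip()
        # The first ACE shares its line with the file path; drop the path.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        if not line:
            continue
        m = ACE_RE.match(line)
        if m:
            rights = acl.setdefault(m.group("who").lower(), set())
            if m.group("rights").startswith("("):
                special = rights          # named rights follow on later lines
            else:
                rights.add(m.group("rights"))
                special = None
        elif special is not None and RIGHT_NAME_RE.match(line):
            special.add(line)
        else:
            special = None                # unrecognised line ends the entry
    return acl


def audit_hosts_acl(acl, extra_writers=()):
    """Return (kind, account) findings for a parsed Hosts-file ACL.

    "locked": Administrators or SYSTEM lack Full Control, so cleanup tools
    cannot rewrite the file. "writable": an account outside the allowed set
    holds a right that lets it modify the file or its ACL.
    """
    allowed = TRUSTED | {w.lower() for w in extra_writers}
    findings = []
    for who in sorted(TRUSTED):
        if "F" not in acl.get(who, set()):
            findings.append(("locked", who))
    for who, rights in sorted(acl.items()):
        if who not in allowed and rights & (WRITE_LETTERS | WRITE_SPECIALS):
            findings.append(("writable", who))
    return findings


if __name__ == "__main__":
    for name, sample in (("reply #20", LOCKED_SAMPLE), ("repaired", REPAIRED_SAMPLE)):
        acl = parse_cacls(sample)
        print(name, audit_hosts_acl(acl, extra_writers=[r"OWNER-XP\Owner"]))
```

On the reply #20 output both built-in accounts are reported as locked out, which matches the "locked permissions" the batch file was meant to reset.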

#22
November 16, 2009 at 17:09:53

ok - Got the message
Processed file C:\WINDOWS\system32\drivers\etc\Hosts
C:\Documents and Settings\owner>


#23
November 16, 2009 at 17:33:46

Run HostExpert and post a new RSIT or OTL report.


#24
November 16, 2009 at 17:40:03

OTL logfile created on: 11/16/2009 8:41:12 PM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 231.03 Mb Available Physical Memory | 46.01% Memory free
1.20 Gb Paging File | 0.88 Gb Available in Paging File | 73.20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-XP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/11 13:46:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/11 15:01:04 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/11 14:59:43 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/09/11 14:59:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/11 14:59:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/19 08:52:06 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 08:52:04 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/05/19 00:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 19:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/23 19:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/23 19:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/08/12 15:47:14 | 00,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/08/10 09:12:14 | 00,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2004/08/10 03:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/08/10 03:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehRecvr.exe
PRC - [2004/08/10 03:04:36 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/09/11 15:01:03 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/11 14:59:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/15 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2004/08/10 03:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehRecvr.exe -- (ehRecvr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/23 19:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/03/15 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/11/16 14:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/10/14 15:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2004/08/10 02:39:56 | 00,019,840 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/03 21:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/11/17 14:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:11:18 | 00,020,160 | ---- | M] (ADMtek Incorporated) -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC17...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1644491937-162531612-725345543-1003\S-1-5-21-1644491937-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/11 14:59:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/11 18:52:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 13:46:38 | 00,000,000 | ---D | M]

[2009/09/14 08:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/14 08:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/15 22:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\extensions
[2009/09/26 17:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/09/26 17:40:29 | 00,004,212 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\searchplugins\aim-search.xml
[2009/09/14 08:15:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 13:46:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/11 13:46:27 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/11 13:46:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/11/11 13:46:33 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/11/11 13:46:34 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/11 13:46:34 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/11 13:46:34 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/11 13:46:34 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/11 13:46:34 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/05 17:02:14 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
[2009/11/11 13:46:34 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/11 13:46:34 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (6467 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 64.86.16.97 google.ae
O1 - Hosts: 64.86.16.97 google.as
O1 - Hosts: 64.86.16.97 google.at
O1 - Hosts: 64.86.16.97 google.az
O1 - Hosts: 64.86.16.97 google.ba
O1 - Hosts: 64.86.16.97 google.be
O1 - Hosts: 64.86.16.97 google.bg
O1 - Hosts: 64.86.16.97 google.bs
O1 - Hosts: 64.86.16.97 google.ca
O1 - Hosts: 64.86.16.97 google.cd
O1 - Hosts: 64.86.16.97 google.com.gh
O1 - Hosts: 64.86.16.97 google.com.hk
O1 - Hosts: 194 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1644491937-162531612-725345543-1003..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1644491937-162531612-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1644491937-162531612-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microso... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get... (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/11 13:29:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\Setup\command - "" = D:\install.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/11/15 20:01:27 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/15 20:00:20 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/11/15 18:27:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/15 18:26:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/15 18:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2009/11/15 18:10:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/11/15 18:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/15 18:10:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/11/15 13:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/11/15 13:36:16 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/05 12:48:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/11/05 12:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2009/11/05 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Vivendi Universal Games
[2009/11/05 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Barbie(TM)
[2009/10/28 18:48:09 | 00,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/11/16 20:40:26 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBD5C937-822B-4352-A140-297611B49275}.job
[2009/11/16 20:07:57 | 00,010,315 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\notes.odt
[2009/11/16 19:47:01 | 00,000,240 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\permR.bat
[2009/11/16 13:41:08 | 00,028,327 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SJ- Diary.odt
[2009/11/16 09:13:00 | 00,019,955 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SJ-upsee.odt
[2009/11/16 09:10:08 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Support Jam Sreadsheet.xls
[2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/15 19:47:22 | 03,560,622 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/11/15 18:45:35 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 18:45:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/15 18:45:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/15 18:45:18 | 01,572,864 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/11/15 18:44:55 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/15 18:44:49 | 06,414,746 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/15 18:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/12 03:17:08 | 00,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 20:34:10 | 00,021,404 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\social sutdieeees.odt
[2009/11/06 10:16:40 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.doc
[2009/11/06 10:14:59 | 00,047,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.odt
[2009/11/05 12:46:56 | 00,000,119 | ---- | M] () -- C:\WINDOWS\ka.ini
[2009/11/05 12:46:55 | 00,001,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barbie(TM) Fashion Show(TM) CD-ROM.lnk
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 10:48:40 | 00,175,940 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\little lost lady.rtf
[2009/11/05 03:19:14 | 00,414,658 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 03:19:14 | 00,363,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/05 03:19:14 | 00,045,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/05 03:00:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 18:43:49 | 00,721,284 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\demi and nikki.rtf
[2009/10/28 20:12:48 | 00,015,984 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\science project.odt
[2009/10/28 18:48:25 | 00,000,544 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/28 18:48:14 | 00,000,222 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\PC Support.url
[2009/10/26 21:26:38 | 00,015,659 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sentences2.odt
[2009/10/26 20:53:14 | 00,019,630 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sentences.odt
[2009/10/26 19:53:36 | 00,014,999 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tally.odt
[2009/10/24 21:23:10 | 00,021,921 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1 oral reppppport.odt
[2009/10/24 16:58:31 | 00,043,252 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1.odt
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 19:54:25 | 00,007,420 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\chart.ods
[2009/10/21 15:18:34 | 00,012,405 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\grades.odt
[2009/10/19 18:02:19 | 04,084,162 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\miley nikki.rtf
[2009/10/18 16:58:01 | 00,934,672 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\b n.rtf
[2009/10/18 14:12:39 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AVON labels.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/11/16 20:07:56 | 00,010,315 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\notes.odt
[2009/11/16 19:47:01 | 00,000,240 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\permR.bat
[2009/11/16 13:08:10 | 00,028,327 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SJ- Diary.odt
[2009/11/16 09:12:59 | 00,019,955 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SJ-upsee.odt
[2009/11/15 19:47:21 | 03,560,622 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/11/06 10:14:58 | 00,047,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.odt
[2009/11/06 03:58:47 | 01,572,864 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/11/05 12:46:56 | 00,000,119 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/11/05 12:46:55 | 00,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barbie(TM) Fashion Show(TM) CD-ROM.lnk
[2009/11/05 10:48:40 | 00,175,940 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\little lost lady.rtf
[2009/11/01 19:57:18 | 00,721,284 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\demi and nikki.rtf
[2009/10/28 18:48:14 | 00,000,222 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\PC Support.url
[2009/10/27 18:26:30 | 00,015,984 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\science project.odt
[2009/10/26 21:26:37 | 00,015,659 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sentences2.odt
[2009/10/26 20:53:14 | 00,019,630 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sentences.odt
[2009/10/26 19:53:26 | 00,014,999 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tally.odt
[2009/10/24 21:23:09 | 00,021,921 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1 oral reppppport.odt
[2009/10/24 16:58:28 | 00,043,252 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\s.s mega project 1.odt
[2009/10/21 19:54:23 | 00,007,420 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\chart.ods
[2009/10/21 15:18:33 | 00,012,405 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\grades.odt
[2009/10/19 18:02:18 | 04,084,162 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\miley nikki.rtf
[2009/10/18 16:58:01 | 00,934,672 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\b n.rtf
[2009/10/03 17:18:41 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/09/20 20:06:29 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2009/09/20 20:05:10 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2009/09/20 20:05:10 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2009/09/20 20:05:10 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2009/09/20 20:05:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2009/09/20 20:05:10 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2009/09/20 20:05:09 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2009/09/20 20:05:09 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2009/09/20 20:05:09 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2009/09/20 20:05:08 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2009/09/20 20:05:08 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2009/09/20 20:05:04 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2009/09/20 20:05:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2009/09/20 20:05:04 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2009/09/20 20:05:04 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2009/09/20 20:05:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2009/09/20 20:05:03 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2009/09/20 20:05:03 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2009/09/20 20:05:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2009/09/19 10:10:33 | 00,018,056 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/11 14:13:27 | 06,414,746 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/11 13:44:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2009/09/11 08:05:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/03/15 07:00:00 | 00,000,544 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/15 07:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2009/09/11 15:45:01 | 00,179,200 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\3?MLB&NFL??????.xls) -- C:\Documents and Settings\Owner\My Documents\3日MLB&NFL现货库存清单.xls
[2009/01/02 22:47:55 | 00,179,200 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\3?MLB&NFL??????.xls) -- C:\Documents and Settings\Owner\My Documents\3日MLB&NFL现货库存清单.xls
< End of report >

Report •
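The O1 section of the OTL log above is where the hosts-file tampering shows up: Google country domains pinned to one address and a block of payment-page domains pinned to another. The following is an added example, not part of the thread and not OTL's own code: a Python parser that extracts the `O1 - Hosts:` lines from such a log, groups every non-loopback override by target address, and flags overrides of watched brand names. The watch-list and function names are assumptions made for this example; the sample lines are a subset copied from the log above.

```python
import ipaddress
import re
from collections import defaultdict

# Subset of the O1 lines from the OTL log posted in this thread.
SAMPLE_LOG = r"""O1 HOSTS File: (6467 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 64.86.16.97 google.ae
O1 - Hosts: 64.86.16.97 google.ca
O1 - Hosts: 64.86.16.97 google.com.hk
O1 - Hosts: 194 more lines...
"""

# Assumption for this example: domain labels that a home PC has no reason
# to override locally. Extend to suit the environment.
WATCHED_LABELS = frozenset({"google", "yahoo", "bing", "msn", "live"})

TRUNCATED_RE = re.compile(r"^O1 - Hosts: (\d+) more lines\.\.\.\s*$")
ENTRY_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)\s*$")


def parse_o1_hosts(log_text):
    """Return ([(ip_address, hostname), ...], hidden_line_count).

    OTL prints only the first entries and then 'N more lines...', so the
    hidden count tells the reviewer how much of the file was not shown.
    """
    entries = []
    hidden = 0
    for line in log_text.splitlines():
        truncated = TRUNCATED_RE.match(line)
        if truncated:
            hidden += int(truncated.group(1))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header line or unrelated log section
        try:
            ip = ipaddress.ip_address(entry.group(1))
        except ValueError:
            continue  # first token is not an address; skip rather than guess
        entries.append((ip, entry.group(2)))
    return entries, hidden


def review_hosts(log_text, watched=WATCHED_LABELS):
    """Group non-loopback overrides by address and flag watched brands."""
    entries, hidden = parse_o1_hosts(log_text)
    overrides = defaultdict(list)
    brand_hits = []
    for ip, host in entries:
        # 127.0.0.1 / ::1 / 0.0.0.0 entries are the usual localhost or
        # block-list mappings and are not reported here.
        if ip.is_loopback or ip.is_unspecified:
            continue
        overrides[str(ip)].append(host)
        if set(host.lower().split(".")) & watched:
            brand_hits.append((host, str(ip)))
    return {
        "overrides": dict(overrides),
        "brand_hits": brand_hits,
        "hidden_lines": hidden,
    }


if __name__ == "__main__":
    result = review_hosts(SAMPLE_LOG)
    for ip, hosts in result["overrides"].items():
        print(f"{ip}: {len(hosts)} hostname(s) overridden")
    for host, ip in result["brand_hits"]:
        print(f"REVIEW: {host} is pinned to {ip}")
    if result["hidden_lines"]:
        print(f"{result['hidden_lines']} further hosts lines were not shown in the log")
```

A non-zero hidden-line count means the log alone is not enough; the hosts file itself has to be read to see every override.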

#25
November 16, 2009 at 18:04:39

Did HostExpert run? If it did run it again thus way and post a new rsit log :

•Click HostsXpert.exe
•Click "Make Hosts Writable?" in the upper right corner (If available).
•Click Restore Microsoft's Hosts file and then click OK.
•Click the X to exit the program.

If it didn't run, there is no need to do anything; just let me know.



#26
November 16, 2009 at 18:21:13

Ok - Hostsxpert will not let me "make hosts writable"
WARNING: Your hosts file is marked as a "system file" and cannot be manipulated.
Hostsxpert will not reset these attributes.

Then when I click on Restore MS host file and click ok
I get
ERROR: cannot create file C:\Windows\system32\drivers\etc\hosts



#27
November 16, 2009 at 18:34:44

Let's try it differently.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following, everything between the X's:


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#28
November 16, 2009 at 18:49:33

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Owner
->Temp folder emptied: 46953130 bytes
->Temporary Internet Files folder emptied: 169313388 bytes
->Java cache emptied: 28298564 bytes
->FireFox cache emptied: 200595722 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1240100 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 173505405 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 874790300 bytes

Total Files Cleaned = 1425.55 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11162009_214452

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



#29
November 16, 2009 at 18:51:29

OTL logfile created on: 11/16/2009 9:52:44 PM - Run 3
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 170.59 Mb Available Physical Memory | 33.98% Memory free
1.20 Gb Paging File | 0.91 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 442.28 Gb Free Space | 94.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-XP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/11 13:46:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/11 15:01:04 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/11 14:59:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/11 14:59:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/19 08:52:06 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 08:52:04 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/05/19 00:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/02/27 16:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 19:12:28 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/23 19:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/23 19:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/08/12 15:47:14 | 00,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/08/10 09:12:14 | 00,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2004/08/10 03:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/08/10 03:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehRecvr.exe
PRC - [2004/08/10 03:04:36 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/09/11 15:01:03 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/11 14:59:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/15 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2004/08/10 03:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/08/10 03:04:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehRecvr.exe -- (ehRecvr)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC17...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/11 14:59:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/11 18:52:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/11 13:46:38 | 00,000,000 | ---D | M]

[2009/09/14 08:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/14 08:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/15 22:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\extensions
[2009/09/26 17:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/09/26 17:40:29 | 00,004,212 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9mp5lk6a.default\searchplugins\aim-search.xml
[2009/09/14 08:15:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 13:46:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/11 13:46:27 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/11 13:46:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/11/11 13:46:33 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/11/11 13:46:34 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/11 13:46:34 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/11 13:46:34 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/11 13:46:34 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/11 13:46:34 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/05 17:02:14 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
[2009/11/11 13:46:34 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/11 13:46:34 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microso... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get... (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/11 13:29:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{8a265102-9ed2-11de-ac19-806d6172696f}\Shell\Setup\command - "" = D:\install.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2009/11/16 21:44:52 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/15 20:01:27 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/15 20:00:20 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/11/15 18:27:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/15 18:26:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/15 18:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2009/11/15 18:10:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/11/15 18:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/15 18:10:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/11/15 13:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/11/15 13:36:16 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/05 12:48:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/11/05 12:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2009/11/05 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Vivendi Universal Games
[2009/11/05 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Barbie(TM)

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[2009/11/16 21:49:03 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/16 21:49:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 21:49:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 21:48:29 | 01,572,864 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/11/16 21:48:29 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/16 21:44:55 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/11/16 21:40:12 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBD5C937-822B-4352-A140-297611B49275}.job
[2009/11/16 20:07:57 | 00,010,315 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\notes.odt
[2009/11/16 19:47:01 | 00,000,240 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\permR.bat
[2009/11/16 13:41:08 | 00,028,327 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SJ- Diary.odt
[2009/11/16 09:13:00 | 00,019,955 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SJ-upsee.odt
[2009/11/16 09:10:08 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Support Jam Sreadsheet.xls
[2009/11/15 20:01:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/15 19:47:22 | 03,560,622 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/11/15 18:44:49 | 06,414,746 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/15 18:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/12 03:17:08 | 00,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 20:34:10 | 00,021,404 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\social sutdieeees.odt
[2009/11/06 10:16:40 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.doc
[2009/11/06 10:14:59 | 00,047,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.odt
[2009/11/05 12:46:56 | 00,000,119 | ---- | M] () -- C:\WINDOWS\ka.ini
[2009/11/05 12:46:55 | 00,001,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barbie(TM) Fashion Show(TM) CD-ROM.lnk
[2009/11/05 10:48:40 | 00,175,940 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\little lost lady.rtf
[2009/11/05 03:19:14 | 00,414,658 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 03:19:14 | 00,363,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/05 03:19:14 | 00,045,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/05 03:00:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/11/16 20:07:56 | 00,010,315 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\notes.odt
[2009/11/16 19:47:01 | 00,000,240 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\permR.bat
[2009/11/16 13:08:10 | 00,028,327 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SJ- Diary.odt
[2009/11/16 09:12:59 | 00,019,955 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SJ-upsee.odt
[2009/11/15 19:47:21 | 03,560,622 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/11/06 10:14:58 | 00,047,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Thank you so much for your order.odt
[2009/11/06 03:58:47 | 01,572,864 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/11/05 12:46:56 | 00,000,119 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/11/05 12:46:55 | 00,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barbie(TM) Fashion Show(TM) CD-ROM.lnk
[2009/11/05 10:48:40 | 00,175,940 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\little lost lady.rtf
[2009/10/03 17:18:41 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/09/20 20:06:29 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2009/09/20 20:05:10 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2009/09/20 20:05:10 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2009/09/20 20:05:10 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2009/09/20 20:05:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2009/09/20 20:05:10 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2009/09/20 20:05:09 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2009/09/20 20:05:09 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2009/09/20 20:05:09 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2009/09/20 20:05:08 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2009/09/20 20:05:08 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2009/09/20 20:05:04 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2009/09/20 20:05:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2009/09/20 20:05:04 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2009/09/20 20:05:04 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2009/09/20 20:05:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2009/09/20 20:05:03 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2009/09/20 20:05:03 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2009/09/20 20:05:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2009/09/19 10:10:33 | 00,018,056 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/11 14:13:27 | 06,414,746 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/11 13:44:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2009/09/11 08:05:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/03/15 07:00:00 | 00,000,544 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/15 07:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== LOP Check ==========[/color]

[2009/09/26 17:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/09/26 17:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/11/05 12:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2009/09/20 20:11:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/09/26 17:39:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/03 17:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/19 20:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/09/22 17:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2006/03/15 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/16 21:49:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/16 21:40:12 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBD5C937-822B-4352-A140-297611B49275}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2009/09/11 15:45:01 | 00,179,200 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\3?MLB&NFL??????.xls) -- C:\Documents and Settings\Owner\My Documents\3日MLB&NFL现货库存清单.xls
[2009/01/02 22:47:55 | 00,179,200 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\3?MLB&NFL??????.xls) -- C:\Documents and Settings\Owner\My Documents\3日MLB&NFL现货库存清单.xls
< End of report >

Report •
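The hosts check this thread turns on, as an added example that is not part of the original posts or of OTL: it reads the O1 lines of an OTL/HijackThis-style log, flags every entry other than the stock localhost mapping, and reports read-only/hidden/system attributes on the hosts file, the condition HostsXpert refused to change. The watched domains, the second sample log (constructed, using documentation addresses) and the reading of OTL's four-character attribute column as R/H/S/D are assumptions.

```python
import ipaddress
import re

# "O1 - Hosts: <ip> <name> [<name> ...]" is how OTL and HijackThis list hosts entries.
O1_ENTRY = re.compile(r"^O1\s*-\s*Hosts:\s*(\S+)\s+(.+)$")
# File-listing line: "[date time | size | attrs | C-or-M] (company) -- path".
FILE_LINE = re.compile(
    r"^\[[^|]+\|\s*([\d,]+)\s*\|\s*([A-Z-]{4})\s*\|\s*[CM]\]\s*(?:\(.*?\)\s*)?--\s*(.+)$")

HOSTS_SUFFIX = r"\drivers\etc\hosts"
EXPECTED_NAMES = {"localhost"}
# Assumption: sites to watch, taken from the ones the thread's opener could not search.
WATCHED = ("google.com", "mapquest.com")

# Lines taken from the post-fix OTL log in this thread.
CLEAN_LOG = r"""
O1 HOSTS File: (56 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
[2009/11/16 21:44:55 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
"""

# Constructed sample (not from the thread); 192.0.2.0/24 is a documentation range.
HIJACKED_LOG = r"""
O1 HOSTS File: (212 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 www.google.com google.com
O1 - Hosts: 192.0.2.10 search.example.net
O1 - Hosts: 0.0.0.0 updates.example.org
[2009/11/14 09:00:00 | 00,000,212 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
"""


def hosts_entries(log_text):
    """Return (ip, hostname) pairs from the O1 entry lines of the log."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_ENTRY.match(line.strip())
        if not m:
            continue  # skips the "O1 HOSTS File: (n bytes)" header and other sections
        for name in m.group(2).split():
            if name.startswith("#"):  # trailing comment on the hosts line
                break
            pairs.append((m.group(1), name.lower()))
    return pairs


def entry_finding(ip, name):
    """Classify one entry; None means it is the stock localhost mapping."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparseable address"
    if addr.is_loopback and name in EXPECTED_NAMES:
        return None
    watched = any(name == d or name.endswith("." + d) for d in WATCHED)
    if addr.is_loopback or addr.is_unspecified:
        return "watched site blocked locally" if watched else "name blocked locally"
    return "watched site redirected" if watched else "name pinned to remote address"


def hosts_file_attributes(log_text):
    """Return the attribute letters listed for the hosts file, or None if not listed."""
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and m.group(3).strip().lower().endswith(HOSTS_SUFFIX):
            return set(m.group(2)) - {"-"}
    return None


def review(log_text):
    """Return human-readable findings about the hosts file described by this log."""
    findings = []
    for ip, name in hosts_entries(log_text):
        verdict = entry_finding(ip, name)
        if verdict:
            findings.append(f"{name} -> {ip}: {verdict}")
    attrs = hosts_file_attributes(log_text)
    if attrs and attrs & set("RHS"):
        findings.append("hosts file attributes set: " + "".join(sorted(attrs)))
    return findings


if __name__ == "__main__":
    for label, log in (("post-fix log", CLEAN_LOG), ("constructed sample", HIJACKED_LOG)):
        print(label)
        for finding in review(log) or ["no findings"]:
            print("  " + finding)
```

Entries pointing at 127.0.0.1 or 0.0.0.0 are reported separately from remote redirects because blocklist tools add them on purpose; they still need a human decision.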

#30
November 16, 2009 at 18:56:55

That looks better, can you search now and are you being redirected?


#31
November 16, 2009 at 19:04:31

OMG! - All my searches work and so does Google


#32
November 16, 2009 at 19:06:47

Thank you, sincerely for helping me with this.
You spent a lot of time on this - above and beyond!


#33
November 16, 2009 at 19:09:43

Anything else I should do before calling it a night?


#34
November 16, 2009 at 19:13:55

Thanks for hanging in there and doing such a good job.

Now for some clean-up.

You can uninstall Hijack This from add/remove programs. Then just delete RSIT and OTL from the desktop and program files.

Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.



#35
November 17, 2009 at 10:36:52

Ok- all clear.
Thanks once again.


